Lucene search
GoogleOSV:GHSA-GMHR-6F43-7QPJHistoryMay 13, 2022 - 1:12 a.m.
Moodle does not properly implement group-based access restrictions
2022-05-1301:12:47
Google
osv.dev
4
moodle
group-based access
enrol/externallib.php
vulnerability
web service
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service request.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51861
github.com/moodle/moodle
github.com/moodle/moodle/commit/12bc713081dc24b6eedea54281876e7c3f5579a6
github.com/moodle/moodle/commit/512633461ae239677342b40d318803e15e1fd1aa
github.com/moodle/moodle/commit/b26b2407908abb1a8a4d37aebc18e03139c9776f
moodle.org/mod/forum/discuss.php?d=323234
nvd.nist.gov/vuln/detail/CVE-2015-5339
Related
github
github
Moodle does not properly implement group-based access restrictions
2022-05-13 01:12:47
cve
cve
CVE-2015-5339
2016-02-22 05:59:17
cvelist
cvelist
CVE-2015-5339
2016-02-22 02:00:00
prion
prion
Design/Logic Flaw
2016-02-22 05:59:00
veracode
veracode
Information Disclosure
2017-07-26 21:34:29
ubuntucve
ubuntucve
CVE-2015-5339
2016-02-22 00:00:00
nvd
nvd
CVE-2015-5339
2016-02-22 05:59:17
nessus
nessus
Moodle < 2.7.11 / 2.8.x < 2.8.9 / 2.9.x < 2.9.3 Multiple Vulnerabilities
2016-04-08 00:00:00
Fedora 23 : moodle-2.9.3-1.fc23 (2015-98fc0d20ad)
2016-03-04 00:00:00
Fedora 22 : moodle-2.8.9-1.fc22 (2015-2ebdd4ad8f)
2016-03-04 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0464)
2015-12-08 00:00:00
Fedora Update for moodle FEDORA-2015-2
2015-12-12 00:00:00
mageia
mageia
Updated moodle packages fix security vulnerability
2015-12-05 13:03:58
fedora
fedora
[SECURITY] Fedora 22 Update: moodle-2.8.9-1.fc22
2015-12-12 01:55:37
[SECURITY] Fedora 23 Update: moodle-2.9.3-1.fc23
2015-12-11 23:57:23