Lucene search

K

GoogleOSV:GHSA-M882-J7GQ-V9P7

HistoryMay 13, 2022 - 1:12 a.m.

Moodle allows attackers to obtain sensitive category-detail information

2022-05-1301:12:38

Google

osv.dev

4

moodle

forcelogin

remote attackers

sensitive information

navigation branch

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

54.8%

lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774

www.openwall.com/lists/oss-security/2016/03/21/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a

github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261

github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184

github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e

github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36

moodle.org/mod/forum/discuss.php?d=330180

nvd.nist.gov/vuln/detail/CVE-2016-2158

web.archive.org/web/20160424224349/www.securitytracker.com/id/1035333

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

54.8%

Related for OSV:GHSA-M882-J7GQ-V9P7

cvelist1 prion1 veracode1 ubuntucve1 github1 nvd1 cve1 fedora3 nessus5 openvas3 mageia1 freebsd1