Lucene search

Veracode Vulnerability DatabaseVERACODE:4523

HistoryJul 04, 2017 - 8:41 a.m.

Authorization Bypass

2017-07-0408:41:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

JSON

Moodle is vulnerable to authorization bypass. The attacks can be launched because the verification of the view/edit permissions in students’ Wiki pages is insufficient, allowing one student to view and edit anothers’ Wiki pages without authorization.

CPENameOperatorVersion
moodle/moodlele2.6.1
moodle/moodlele2.4.8
moodle/moodlele2.5.4
moodle/moodlele2.3.11

Name	Operator	Version
moodle/moodle	le	2.6.1
moodle/moodle	le	2.4.8
moodle/moodle	le	2.5.4
moodle/moodle	le	2.3.11

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990

openwall.com/lists/oss-security/2014/03/17/1

git.moodle.org/gw?p=moodle.git;a=commit;h=3a7b9b76c2d3c58237bec56b3b537e05c23970ad

moodle.org/mod/forum/discuss.php?d=256419

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

JSON

Related for VERACODE:4523