[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-3177Date: (C)2015-06-03   (M)2023-12-22


Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 6.8
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1032358
BID-74721
http://openwall.com/lists/oss-security/2015/05/18/1
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50039
https://moodle.org/mod/forum/discuss.php?d=313684

CPE    5
cpe:/a:moodle:moodle:2.8.5
cpe:/a:moodle:moodle:2.8.4
cpe:/a:moodle:moodle:2.8.3
cpe:/a:moodle:moodle:2.8.2
...
CWE    1
CWE-17
OVAL    2
oval:org.secpod.oval:def:109522
oval:org.secpod.oval:def:109526

© SecPod Technologies