PT-2014-5422 · Moodle · Moodle
Amanda Doughty
Published: 2014-09-15 · Updated: 2022-05-13
CVE-2014-3617
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Moodle versions prior to 2.4.11
Moodle versions 2.5.x prior to 2.5.8
Moodle versions 2.6.x prior to 2.6.5
Moodle versions 2.7.x prior to 2.7.2
Description
The issue allows remote authenticated users to bypass the individual answer-posting requirement and discover an author's username by leveraging the student role and visiting a Q&A forum. This is achieved through the forum_print_latest_discussions function in mod/forum/lib.php.
Recommendations
For Moodle versions prior to 2.4.11, update to version 2.4.11 or later.
For Moodle versions 2.5.x prior to 2.5.8, update to version 2.5.8 or later.
For Moodle versions 2.6.x prior to 2.6.5, update to version 2.6.5 or later.
For Moodle versions 2.7.x prior to 2.7.2, update to version 2.7.2 or later.
Affected Products
Moodle