PT-2015-1578 · Moodle · Moodle
Marina Glancy
·
Publicado
2015-05-18
·
Atualizado
2022-05-13
·
CVE-2015-3179
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions prior to 2.5.10
Moodle versions 2.6.x through 2.6.10
Moodle versions 2.7.x through 2.7.7
Moodle versions 2.8.x through 2.8.5
Description
The issue is related to insufficient access control in the login/confirm.php component of the Moodle learning management system. This can be exploited by a remote attacker to bypass login restrictions by accessing the system using a suspended account.
Recommendations
For Moodle versions prior to 2.5.10, update to version 2.5.10 or later.
For Moodle versions 2.6.x through 2.6.10, update to version 2.6.11 or later.
For Moodle versions 2.7.x through 2.7.7, update to version 2.7.8 or later.
For Moodle versions 2.8.x through 2.8.5, update to version 2.8.6 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Moodle