PT-2015-1587 · Moodle · Moodle
Barry Oosthuizen
·
Publicado
2015-03-18
·
Atualizado
2022-05-13
·
CVE-2015-2266
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.5.9 and earlier
Moodle versions 2.6.x before 2.6.9
Moodle versions 2.7.x before 2.7.6
Moodle versions 2.8.x before 2.8.4
Description
The issue is related to the lack of protection for service data in the message/index.php component of the Moodle learning management system. This allows a remote authenticated user to obtain sensitive personal contact and unread message count information by modifying a URL.
Recommendations
For Moodle versions 2.5.9 and earlier, update to a version later than 2.5.9.
For Moodle versions 2.6.x before 2.6.9, update to version 2.6.9 or later.
For Moodle versions 2.7.x before 2.7.6, update to version 2.7.6 or later.
For Moodle versions 2.8.x before 2.8.4, update to version 2.8.4 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Moodle