CVE-2015-0215

Name of the Vulnerable Software and Affected Versions Moodle versions 2.5.9 and earlier Moodle versions 2.6.x before 2.6.7 Moodle versions 2.7.x before 2.7.4 Moodle versions 2.8.x before 2.8.2

Description The issue is related to the lack of protection for service data in the calendar/externallib.php component of the Moodle learning management system. This allows a remote authenticated user to obtain sensitive calendar event information via a specially crafted web services request.

Recommendations For Moodle versions 2.5.9 and earlier, update to version 2.6.7 or later. For Moodle versions 2.6.x before 2.6.7, update to version 2.6.7 or later. For Moodle versions 2.7.x before 2.7.4, update to version 2.7.4 or later. For Moodle versions 2.8.x before 2.8.2, update to version 2.8.2 or later.