PT-2016-5035 · Moodle · Moodle
Mark Mckay
·
Publicado
2016-03-25
·
Atualizado
2022-05-13
·
CVE-2016-2155
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.8.x through 2.8.10
Moodle versions 2.9.x through 2.9.4
Moodle versions 3.0.x through 3.0.2
Description
The grade-reporting feature in Singleview does not consider the
moodle/grade:manage capability. This allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing Instructor role.Recommendations
For Moodle versions 2.8.x through 2.8.10, update to version 2.8.11 or later.
For Moodle versions 2.9.x through 2.9.4, update to version 2.9.5 or later.
For Moodle versions 3.0.x through 3.0.2, update to version 3.0.3 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Moodle