PT-2015-1575 · Moodle · Moodle
Federico Kirschbaum · Published 2015-05-18 · Updated 2022-05-13 · CVE-2015-3176
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Moodle versions prior to 2.6.11
Moodle versions prior to 2.7.8
Moodle versions prior to 2.8.6
Moodle version 2.5.9
Description
The account-confirmation feature in the login/confirm.php component lacks protection of service data. A remote attacker can exploit this by attempting to self-register, which discloses sensitive full-name information and gives access to user account data.
Recommendations
For versions prior to 2.6.11, update to version 2.6.11 or later.
For versions prior to 2.7.8, update to version 2.7.8 or later.
For versions prior to 2.8.6, update to version 2.8.6 or later.
For version 2.5.9, update to a later version. Version 2.5.9 is affected, and no direct upgrade path to a fixed version is specified.
Fix
Information Disclosure
Affected Products
Moodle