PT-2015-1579 · Moodle · Moodle
Alex Mitin
·
Published
2015-05-18
·
Updated
2022-05-13
·
CVE-2015-3180
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.5.9 and earlier
Moodle versions 2.6.x before 2.6.11
Moodle versions 2.7.x before 2.7.8
Moodle versions 2.8.x before 2.8.6
Description
The issue allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment. This is related to a lack of protection for internal data in the lib/navigationlib.php component of the Moodle learning management system. An attacker can exploit this issue to gain access to protected information using a student account.
Recommendations
For Moodle versions 2.5.9 and earlier, update to a version later than 2.5.9.
For Moodle versions 2.6.x before 2.6.11, update to version 2.6.11 or later.
For Moodle versions 2.7.x before 2.7.8, update to version 2.7.8 or later.
For Moodle versions 2.8.x before 2.8.6, update to version 2.8.6 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle