PT-2015-1606 · Moodle · Moodle

Juan Leyva

Published

2015-01-20

Updated

2022-05-13

CVE-2015-0214

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Moodle versions 2.5.9 and earlier Moodle versions 2.6.x before 2.6.7 Moodle versions 2.7.x before 2.7.4 Moodle versions 2.8.x before 2.8.2

Description The issue is related to insufficient access control in the message/externallib.php component of the Moodle learning management system. This allows a remote authenticated user to bypass the messaging-disabled setting by sending a specially crafted web-services request. For example, this can be achieved through a people-search request.

Recommendations For Moodle versions 2.5.9 and earlier, update to version 2.6.7 or later. For Moodle versions 2.6.x before 2.6.7, update to version 2.6.7 or later. For Moodle versions 2.7.x before 2.7.4, update to version 2.7.4 or later. For Moodle versions 2.8.x before 2.8.2, update to version 2.8.2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2015-10939

CVE-2015-0214

GHSA-4JM2-C9JR-6PRF

MGASA-2015-0032

Affected Products

Moodle

PT-2015-1606 · Moodle · Moodle

CVE-2015-0214

Weakness Enumeration

Related Identifiers

Affected Products

References · 27