PT-2017-1086 · Moodle · Moodle

Martin Gauk

Published

2017-01-20

Updated

2022-05-13

CVE-2016-8642

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Moodle versions 2.x through 3.x

Description The issue is related to insufficient access control in the question engine service of the Moodle learning management system. This can allow a remote attacker to breach information confidentiality. The question engine allows access to files that should not be available.

Recommendations For Moodle versions 2.x through 3.x, consider restricting access to the question engine service until a proper fix is applied. As a temporary workaround, restrict access to sensitive files that should not be available through the question engine.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2017-00179

CVE-2016-8642

GHSA-X32V-7QW8-CPQ8

Affected Products

Moodle

PT-2017-1086 · Moodle · Moodle

CVE-2016-8642

Weakness Enumeration

Related Identifiers

Affected Products

References · 13