Vulnerability-Lookup

CVE-2015-2270 (GCVE-0-2015-2270)

Vulnerability from cvelistv5 – Published: 2015-06-01 19:00 – Updated: 2024-08-06 05:10

Summary

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://git.moodle.org/gw?p=moodle.git&a=search&h=…	x_refsource_CONFIRM
	https://moodle.org/mod/forum/discuss.php?d=307384	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2015/03/16/1	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:10:15.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://moodle.org/mod/forum/discuss.php?d=307384"
          },
          {
            "name": "[oss-security] 20150316 Moodle security issues are now public",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2015/03/16/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-06-01T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://moodle.org/mod/forum/discuss.php?d=307384"
        },
        {
          "name": "[oss-security] 20150316 Moodle security issues are now public",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2015/03/16/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2270",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804",
              "refsource": "CONFIRM",
              "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804"
            },
            {
              "name": "https://moodle.org/mod/forum/discuss.php?d=307384",
              "refsource": "CONFIRM",
              "url": "https://moodle.org/mod/forum/discuss.php?d=307384"
            },
            {
              "name": "[oss-security] 20150316 Moodle security issues are now public",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2015/03/16/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2270",
    "datePublished": "2015-06-01T19:00:00",
    "dateReserved": "2015-03-09T00:00:00",
    "dateUpdated": "2024-08-06T05:10:15.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.5.9\", \"matchCriteriaId\": \"83F79402-5EA5-42D8-8292-8C71C8BA748F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD1B5B42-ECA9-4888-B18E-AD8D282311DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EF03304-032C-4E85-A802-7CDAC89216FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"311BEFF3-A58A-4CA8-BE09-F8D081EA13A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7D2A1F8-82FF-4C1A-A872-71D93874EEAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86E79BB0-6017-441C-9B10-00E55FDF0986\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA845882-C0F4-4522-94B2-9AA21A08887A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48F341A8-0AC8-4033-8C99-0249B7289F9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CE1A520-762B-4A35-8075-ED4ECA0A1CB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9803CBE2-80A6-47EB-A782-CC8F1E66FBD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05112EC5-3AAA-499B-8763-345187529C09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71407960-077B-4407-B249-789436687D91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72728F94-D408-4CAD-A214-800B1D1C7971\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C1E9B5-6B2B-4230-92F2-EC0FB307ECF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6925A366-37EB-41ED-85C8-B56D6A93D4EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6400F9D-9654-444F-9EBB-0F73025AD744\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66ED87A3-8237-4182-BEF5-052346067737\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57441C51-2ADB-48B9-A655-82D6B1071C26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.6.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E8D7276-415B-4394-8CBE-53EB40B8C5BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E051AAC-EB40-491F-AF0E-EE8143C12567\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FADBE87F-1855-453B-B958-0CB8A7908A06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B53A7D2-BDA2-4185-97C3-977A04876A37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A51DFFA8-DFF0-429C-B697-F82F41621FEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19FD1565-0DA1-4BA8-A501-86F13D3D29ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D82CFE8-C38D-4FF3-BC4F-6C27AD64D9A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12737AF4-B2D5-4661-B06A-6A06FE95EC2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88C59A94-D225-478A-B23E-41C4324BC643\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"192EA69B-A1E1-4E0D-8E73-76EB74CCDE49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D88385B1-EEFB-4825-BD8F-215C39FD86DA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"lib/moodlelib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4, cuando el tema utiliza la caracter\\u00edstica de regiones de bloques, establece el estado del curso en un punto incorrecto en el proceso de la validaci\\u00f3n del inicio de sesi\\u00f3n, lo que permite a atacantes remotos obtener informaci\\u00f3n sensible de cursos a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2015-2270",
      "lastModified": "2024-11-21T02:27:07.340",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-06-01T19:59:13.480",
      "references": "[{\"url\": \"http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://openwall.com/lists/oss-security/2015/03/16/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://moodle.org/mod/forum/discuss.php?d=307384\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://openwall.com/lists/oss-security/2015/03/16/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://moodle.org/mod/forum/discuss.php?d=307384\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-17\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-2270\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-06-01T19:59:13.480\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"lib/moodlelib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4, cuando el tema utiliza la caracter\u00edstica de regiones de bloques, establece el estado del curso en un punto incorrecto en el proceso de la validaci\u00f3n del inicio de sesi\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible de cursos a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-17\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.9\",\"matchCriteriaId\":\"83F79402-5EA5-42D8-8292-8C71C8BA748F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD1B5B42-ECA9-4888-B18E-AD8D282311DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EF03304-032C-4E85-A802-7CDAC89216FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"311BEFF3-A58A-4CA8-BE09-F8D081EA13A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7D2A1F8-82FF-4C1A-A872-71D93874EEAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86E79BB0-6017-441C-9B10-00E55FDF0986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA845882-C0F4-4522-94B2-9AA21A08887A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48F341A8-0AC8-4033-8C99-0249B7289F9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CE1A520-762B-4A35-8075-ED4ECA0A1CB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9803CBE2-80A6-47EB-A782-CC8F1E66FBD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05112EC5-3AAA-499B-8763-345187529C09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71407960-077B-4407-B249-789436687D91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72728F94-D408-4CAD-A214-800B1D1C7971\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C1E9B5-6B2B-4230-92F2-EC0FB307ECF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6925A366-37EB-41ED-85C8-B56D6A93D4EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6400F9D-9654-444F-9EBB-0F73025AD744\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66ED87A3-8237-4182-BEF5-052346067737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57441C51-2ADB-48B9-A655-82D6B1071C26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E8D7276-415B-4394-8CBE-53EB40B8C5BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E051AAC-EB40-491F-AF0E-EE8143C12567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADBE87F-1855-453B-B958-0CB8A7908A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B53A7D2-BDA2-4185-97C3-977A04876A37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A51DFFA8-DFF0-429C-B697-F82F41621FEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19FD1565-0DA1-4BA8-A501-86F13D3D29ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D82CFE8-C38D-4FF3-BC4F-6C27AD64D9A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12737AF4-B2D5-4661-B06A-6A06FE95EC2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88C59A94-D225-478A-B23E-41C4324BC643\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"192EA69B-A1E1-4E0D-8E73-76EB74CCDE49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D88385B1-EEFB-4825-BD8F-215C39FD86DA\"}]}]}],\"references\":[{\"url\":\"http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://openwall.com/lists/oss-security/2015/03/16/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://moodle.org/mod/forum/discuss.php?d=307384\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://openwall.com/lists/oss-security/2015/03/16/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://moodle.org/mod/forum/discuss.php?d=307384\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2015-03632

Vulnerability from cnvd - Published: 2015-06-08

Title

Moodle 'lib/moodlelib.php'敏感信息泄露漏洞

Description

Moodle是一套免费、开源的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle 'lib/moodlelib.php'脚本存在敏感信息泄露漏洞。由于主题使用blocks-regions功能时，不可访问的课程会和课程相关的信息共同显示。远程攻击者可通过require_login利用该漏洞获取敏感的课程信息。

Severity

中

Patch Name

Moodle 'lib/moodlelib.php'敏感信息泄露漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://moodle.org/mod/forum/discuss.php?d=307384

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2270 https://moodle.org/mod/forum/discuss.php?d=307384 http://openwall.com/lists/oss-security/2015/03/16/1 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804

Impacted products

Name
['Moodle Moodle <=2.5.9', 'Moodle Moodle 2.6.x(<2.6.9)', 'Moodle Moodle 2.7.x(<2.7.6)', 'Moodle Moodle 2.8.x(<2.8.4)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2270"
    }
  },
  "description": "Moodle\u662f\u4e00\u5957\u514d\u8d39\u3001\u5f00\u6e90\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\r\n\r\nMoodle \u0027lib/moodlelib.php\u0027\u811a\u672c\u5b58\u5728\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u7531\u4e8e\u4e3b\u9898\u4f7f\u7528blocks-regions\u529f\u80fd\u65f6\uff0c\u4e0d\u53ef\u8bbf\u95ee\u7684\u8bfe\u7a0b\u4f1a\u548c\u8bfe\u7a0b\u76f8\u5173\u7684\u4fe1\u606f\u5171\u540c\u663e\u793a\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7require_login\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u7684\u8bfe\u7a0b\u4fe1\u606f\u3002",
  "discovererName": "Sam Hemelryk",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://moodle.org/mod/forum/discuss.php?d=307384",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03632",
  "openTime": "2015-06-08",
  "patchDescription": "Moodle\u662f\u4e00\u5957\u514d\u8d39\u3001\u5f00\u6e90\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002 \r\n\r\nMoodle \u0027lib/moodlelib.php\u0027\u811a\u672c\u5b58\u5728\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u7531\u4e8e\u4e3b\u9898\u4f7f\u7528blocks-regions\u529f\u80fd\u65f6\uff0c\u4e0d\u53ef\u8bbf\u95ee\u7684\u8bfe\u7a0b\u4f1a\u548c\u8bfe\u7a0b\u76f8\u5173\u7684\u4fe1\u606f\u5171\u540c\u663e\u793a\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7require_login\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u7684\u8bfe\u7a0b\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moodle \u0027lib/moodlelib.php\u0027\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Moodle Moodle \u003c=2.5.9",
      "Moodle Moodle  2.6.x(\u003c2.6.9)",
      "Moodle Moodle  2.7.x(\u003c2.7.6)",
      "Moodle Moodle  2.8.x(\u003c2.8.4)"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2270\r\nhttps://moodle.org/mod/forum/discuss.php?d=307384 \r\nhttp://openwall.com/lists/oss-security/2015/03/16/1 \r\nhttp://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804",
  "serverity": "\u4e2d",
  "submitTime": "2015-06-05",
  "title": "Moodle \u0027lib/moodlelib.php\u0027\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CERTFR-2015-AVI-115

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moodle	N/A	2.6 à 2.6.8 et antérieures
Moodle	N/A	2.8 à 2.8.3
Moodle	N/A	2.7 à 2.7.5

References

Title

Publication Time

Tags

Bulletin de sécurité Moodle MSA-15-0012 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0015 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0011 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0016 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0013 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0014 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0017 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0010 du 16 mars 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "2.6 \u00e0 2.6.8 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "2.8 \u00e0 2.8.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "2.7 \u00e0 2.7.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2267"
    },
    {
      "name": "CVE-2015-2270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2270"
    },
    {
      "name": "CVE-2015-2266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2266"
    },
    {
      "name": "CVE-2015-2269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2269"
    },
    {
      "name": "CVE-2015-2271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2271"
    },
    {
      "name": "CVE-2015-2272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2272"
    },
    {
      "name": "CVE-2015-2268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2268"
    },
    {
      "name": "CVE-2015-2273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2273"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-115",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-03-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMoodle\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0012 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307382"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0015 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307385"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0011 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307381"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0016 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307386"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0013 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307383"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0014 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307384"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0017 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307387"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0010 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307380"
    }
  ]
}

CERTFR-2015-AVI-115

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moodle	N/A	2.6 à 2.6.8 et antérieures
Moodle	N/A	2.8 à 2.8.3
Moodle	N/A	2.7 à 2.7.5

References

Title

Publication Time

Tags

Bulletin de sécurité Moodle MSA-15-0012 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0015 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0011 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0016 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0013 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0014 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0017 du 16 mars 2015	None	vendor-advisory
Bulletin de sécurité Moodle MSA-15-0010 du 16 mars 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "2.6 \u00e0 2.6.8 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "2.8 \u00e0 2.8.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "2.7 \u00e0 2.7.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2267"
    },
    {
      "name": "CVE-2015-2270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2270"
    },
    {
      "name": "CVE-2015-2266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2266"
    },
    {
      "name": "CVE-2015-2269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2269"
    },
    {
      "name": "CVE-2015-2271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2271"
    },
    {
      "name": "CVE-2015-2272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2272"
    },
    {
      "name": "CVE-2015-2268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2268"
    },
    {
      "name": "CVE-2015-2273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2273"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-115",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-03-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMoodle\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0012 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307382"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0015 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307385"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0011 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307381"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0016 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307386"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0013 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307383"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0014 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307384"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0017 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307387"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-15-0010 du 16 mars 2015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307380"
    }
  ]
}

FKIE_CVE-2015-2270

Vulnerability from fkie_nvd - Published: 2015-06-01 19:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804
cve@mitre.org	http://openwall.com/lists/oss-security/2015/03/16/1
cve@mitre.org	https://moodle.org/mod/forum/discuss.php?d=307384	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2015/03/16/1
af854a3a-2127-422b-91ae-364da2661108	https://moodle.org/mod/forum/discuss.php?d=307384	Vendor Advisory

Impacted products

Vendor	Product	Version
moodle	moodle	*
moodle	moodle	2.5.0
moodle	moodle	2.5.1
moodle	moodle	2.5.2
moodle	moodle	2.5.3
moodle	moodle	2.5.4
moodle	moodle	2.5.5
moodle	moodle	2.5.6
moodle	moodle	2.5.7
moodle	moodle	2.5.8
moodle	moodle	2.6.0
moodle	moodle	2.6.1
moodle	moodle	2.6.2
moodle	moodle	2.6.3
moodle	moodle	2.6.4
moodle	moodle	2.6.5
moodle	moodle	2.6.6
moodle	moodle	2.6.7
moodle	moodle	2.6.8
moodle	moodle	2.7.0
moodle	moodle	2.7.1
moodle	moodle	2.7.2
moodle	moodle	2.7.3
moodle	moodle	2.7.4
moodle	moodle	2.7.5
moodle	moodle	2.8.0
moodle	moodle	2.8.1
moodle	moodle	2.8.2
moodle	moodle	2.8.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F79402-5EA5-42D8-8292-8C71C8BA748F",
              "versionEndIncluding": "2.5.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD1B5B42-ECA9-4888-B18E-AD8D282311DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF03304-032C-4E85-A802-7CDAC89216FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "311BEFF3-A58A-4CA8-BE09-F8D081EA13A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7D2A1F8-82FF-4C1A-A872-71D93874EEAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E79BB0-6017-441C-9B10-00E55FDF0986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA845882-C0F4-4522-94B2-9AA21A08887A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F341A8-0AC8-4033-8C99-0249B7289F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE1A520-762B-4A35-8075-ED4ECA0A1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9803CBE2-80A6-47EB-A782-CC8F1E66FBD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05112EC5-3AAA-499B-8763-345187529C09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71407960-077B-4407-B249-789436687D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72728F94-D408-4CAD-A214-800B1D1C7971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C1E9B5-6B2B-4230-92F2-EC0FB307ECF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6925A366-37EB-41ED-85C8-B56D6A93D4EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6400F9D-9654-444F-9EBB-0F73025AD744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "66ED87A3-8237-4182-BEF5-052346067737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "57441C51-2ADB-48B9-A655-82D6B1071C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8D7276-415B-4394-8CBE-53EB40B8C5BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E051AAC-EB40-491F-AF0E-EE8143C12567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADBE87F-1855-453B-B958-0CB8A7908A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B53A7D2-BDA2-4185-97C3-977A04876A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A51DFFA8-DFF0-429C-B697-F82F41621FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "19FD1565-0DA1-4BA8-A501-86F13D3D29ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D82CFE8-C38D-4FF3-BC4F-6C27AD64D9A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12737AF4-B2D5-4661-B06A-6A06FE95EC2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88C59A94-D225-478A-B23E-41C4324BC643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "192EA69B-A1E1-4E0D-8E73-76EB74CCDE49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D88385B1-EEFB-4825-BD8F-215C39FD86DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "lib/moodlelib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4, cuando el tema utiliza la caracter\u00edstica de regiones de bloques, establece el estado del curso en un punto incorrecto en el proceso de la validaci\u00f3n del inicio de sesi\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible de cursos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-2270",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-01T19:59:13.480",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2015/03/16/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://moodle.org/mod/forum/discuss.php?d=307384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2015/03/16/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://moodle.org/mod/forum/discuss.php?d=307384"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-17"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FP4H-J22R-VWCV

Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2024-01-25 20:56

Summary

Moodle allows attackers to obtain sensitive course information

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-2270"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-25T20:56:28Z",
    "nvd_published_at": "2015-06-01T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.",
  "id": "GHSA-fp4h-j22r-vwcv",
  "modified": "2024-01-25T20:56:28Z",
  "published": "2022-05-13T01:12:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2270"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/1edd3d6fbfcc7ac757579a7953f03e3401c0c32d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/4ab4ec652cb7768a058eca7f69362e76d9ee0c62"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/5f0bfb120f4a769518a77eff06fedc67c6040494"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle/commit/cd060b5fe2b5d90ff87d3b345e5f802ef143f883"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://moodle.org/mod/forum/discuss.php?d=307384"
    },
    {
      "type": "WEB",
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2015/03/16/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Moodle allows attackers to obtain sensitive course information"
}

GSD-2015-2270

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-2270

Aliases

CVE-2015-2270

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2270",
    "description": "lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.",
    "id": "GSD-2015-2270",
    "references": [
      "https://advisories.mageia.org/CVE-2015-2270.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2270"
      ],
      "details": "lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.",
      "id": "GSD-2015-2270",
      "modified": "2023-12-13T01:20:00.072579Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-2270",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804",
            "refsource": "CONFIRM",
            "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804"
          },
          {
            "name": "https://moodle.org/mod/forum/discuss.php?d=307384",
            "refsource": "CONFIRM",
            "url": "https://moodle.org/mod/forum/discuss.php?d=307384"
          },
          {
            "name": "[oss-security] 20150316 Moodle security issues are now public",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2015/03/16/1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2270"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-17"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-48804"
            },
            {
              "name": "[oss-security] 20150316 Moodle security issues are now public",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://openwall.com/lists/oss-security/2015/03/16/1"
            },
            {
              "name": "https://moodle.org/mod/forum/discuss.php?d=307384",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://moodle.org/mod/forum/discuss.php?d=307384"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-12-01T14:54Z",
      "publishedDate": "2015-06-01T19:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2270 (GCVE-0-2015-2270)

CNVD-2015-03632

CERTFR-2015-AVI-115

Solution

CERTFR-2015-AVI-115

Solution

FKIE_CVE-2015-2270

GHSA-FP4H-J22R-VWCV

GSD-2015-2270

Tags

Sightings

Nomenclature