GHSA-m882-j7gq-v9p7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m882-j7gq-v9p7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m882-j7gq-v9p7/GHSA-m882-j7gq-v9p7.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-m882-j7gq-v9p7
- Aliases
- Published
- 2022-05-13T01:12:38Z
- Modified
- 2024-01-26T20:56:39.066433Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Moodle allows attackers to obtain sensitive category-detail information
- Details
-
lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.
- Database specific
{ "nvd_published_at": "2016-05-22T20:59:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-26T20:14:55Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-2158
- https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a
- https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261
- https://github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184
- https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e
- https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=330180
- https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774
- http://www.openwall.com/lists/oss-security/2016/03/21/1
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.13
Affected versions
v2.*
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3.10
v2.3.11
v2.4.0-rc1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4.10
v2.4.11
v2.5.0-beta
v2.5.0-rc1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.6.0-beta
v2.6.0-rc1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.6.10
v2.6.11
v2.7.0-beta
v2.7.0-rc1
v2.7.0-rc2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.7.10
v2.7.11
v2.7.12
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle