Description
Moodle allows attackers to obtain username and course information
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.
References
- https://nvd.nist.gov/vuln/detail/CVE-2014-3546
- https://github.com/moodle/moodle/commit/2ca9e09dab3ff374e1026780b23c63751f4ee312
- https://github.com/moodle/moodle/commit/74556525de9617c593c3e08269d6d541c6576c90
- https://github.com/moodle/moodle/commit/8f7d596058a18c60b795b4677b59cf074c56de39
- https://github.com/moodle/moodle/commit/9dbf62d23017a91fcbf63bba7f2eb4835f77b8c9
- https://github.com/moodle/moodle/commit/dc97145785b9ae192168659c65309bca61a58151
- https://moodle.org/mod/forum/discuss.php?d=264267
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
- http://openwall.com/lists/oss-security/2014/07/21/1
Packages
- moodle/moodle: affected < 2.4.11; fixed in 2.4.11
- moodle/moodle: affected >= 2.5.0, < 2.5.7; fixed in 2.5.7
- moodle/moodle: affected >= 2.6.0, < 2.6.4; fixed in 2.6.4
- moodle/moodle: affected >= 2.7.0, < 2.7.1; fixed in 2.7.1