Description
Moodle allows attackers to bypass intended login restrictions
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-3179
- https://github.com/moodle/moodle/commit/78ec6751fc57bb17bb67c26870fea396390b9937
- https://github.com/moodle/moodle/commit/811ae9f082697495248c6c87ec80aeaf88c851fc
- https://github.com/moodle/moodle/commit/98c38993fd6cbd78bf5819c68c55fcfded6467c0
- https://github.com/moodle/moodle/commit/f236dcc35c3595dfcc77932d84660056e982a310
- https://moodle.org/mod/forum/discuss.php?d=313686
- https://web.archive.org/web/20200228054915/http://www.securityfocus.com/bid/74725
- https://web.archive.org/web/20200501000000*/http://www.securitytracker.com/id/1032358
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090
- http://openwall.com/lists/oss-security/2015/05/18/1
Packages
- moodle/moodle: affected < 2.6.11, fixed in 2.6.11
- moodle/moodle: affected >= 2.7.0, < 2.7.8, fixed in 2.7.8
- moodle/moodle: affected >= 2.8.0, < 2.8.6, fixed in 2.8.6
Related vulnerabilities
Vulnerability in the Moodle learning management system that allows an attacker to bypass login restrictions