Описание
Moodle allows attackers to read SCORM contents
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-5341
- https://github.com/moodle/moodle/commit/03b1f63d40d09c206f641b246110c2371d3068a2
- https://github.com/moodle/moodle/commit/3d58fd5841308018b32ca78206c74f27c4d4b9c3
- https://github.com/moodle/moodle/commit/5f65bb2e436620f9026b363484294299c2327740
- https://github.com/moodle/moodle/commit/d01512e36c449f52ddc5e41db567d8f375fc153d
- https://github.com/moodle/moodle/commit/d28eedd5363b4f081f9e66d0c9014d84792a89d7
- https://github.com/moodle/moodle/commit/f1178ebcd9cf1c149892335c52f6ccad066e3e05
- https://github.com/moodle/moodle/commit/fe9bd2b8bb73e958067f2bdb227a8d0e7cffbcda
- https://moodle.org/mod/forum/discuss.php?d=323236
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50837
Пакеты
moodle/moodle
< 2.7.11
2.7.11
moodle/moodle
>= 2.8.0, < 2.8.9
2.8.9
moodle/moodle
>= 2.9.0, < 2.9.3
2.9.3
Связанные уязвимости
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before ...
Уязвимость системы управления обучением Мoodle, позволяющая нарушителю обойти существующие ограничения доступа