Описание
Moodle Improper Access Control
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-3733
- https://github.com/moodle/moodle/commit/12c28574868d6f6e5c57fb63298c82cb8bdd0bb6
- https://github.com/moodle/moodle/commit/24b0c3c86ae96e46b87d6e9d6bcf4a6014dae8f0
- https://github.com/moodle/moodle/commit/2950f9fb9128f9ae48e00b864da90be76c2bf139
- https://github.com/moodle/moodle/commit/3c9d2b104023a8b9fdc5f4d7e136083babd2609a
- https://bugzilla.redhat.com/show_bug.cgi?id=1335933
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
- http://www.openwall.com/lists/oss-security/2016/05/17/4
- http://www.securitytracker.com/id/1035902
Пакеты
moodle/moodle
>= 2.7, < 2.7.14
2.7.14
moodle/moodle
>= 2.8, < 2.8.12
2.8.12
moodle/moodle
>= 2.9, < 2.9.6
2.9.6
moodle/moodle
>= 3.0, < 3.0.4
3.0.4
Связанные уязвимости
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through ...