Description
Moodle sensitive information disclosure
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-2190
- https://github.com/moodle/moodle/commit/1688564a6eee6000013f6e185f704049283ae375
- https://github.com/moodle/moodle/commit/190757854d9ce3b3ce3100dc76de54277f3bdd14
- https://github.com/moodle/moodle/commit/314d105c169c67e3ce750f76b21d99983d4a9ff5
- https://github.com/moodle/moodle/commit/4d6f159f681882496e05ddacf2561929d2d23f0e
- https://github.com/moodle/moodle/commit/9f91c23536a31ba2dc91b0ba2ae726b1757a20cb
- https://moodle.org/mod/forum/discuss.php?d=330181
- https://web.archive.org/web/20210801130148/http://www.securitytracker.com/id/1035333
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52651
- http://www.openwall.com/lists/oss-security/2016/03/21/1
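Packages

| Package | Affected versions | Fixed version |
| --- | --- | --- |
| moodle/moodle | <= 2.6.11 | None |
| moodle/moodle | >= 2.7.0, < 2.7.13 | 2.7.13 |
| moodle/moodle | >= 2.8.0, < 2.8.11 | 2.8.11 |
| moodle/moodle | >= 2.9.0, < 2.9.5 | 2.9.5 |
| moodle/moodle | >= 3.0.0, < 3.0.3 | 3.0.3 |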
Related vulnerabilities
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x ...
Vulnerability in the Moodle learning management system that allows an attacker to gain access to protected information