Описание
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.11 (включая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00193
Низкий
4 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
ubuntu
больше 11 лет назад
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.
debian
больше 11 лет назад
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6. ...
github
около 3 лет назад
Moodle allows attackers to modify the visibility of a badge
EPSS
Процентиль: 42%
0.00193
Низкий
4 Medium
CVSS2
Дефекты
CWE-264