CVE-2016-2157

Опубликовано: 22 мая 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия до 2.6.11 (включая)

cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00156

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVE-2016-2157

CVSS3: 8.8

ubuntu

около 9 лет назад

CVE-2016-2157

CVSS3: 8.8

debian

около 9 лет назад

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminman ...

GHSA-f5pm-c4cw-563p

CVSS3: 8.8

github

около 3 лет назад

Moodle cross-site request forgery (CSRF) vulnerability

EPSS

Процентиль: 37%

0.00156

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352