CVE-2016-3729

Опубликовано: 20 апр. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

Ссылки

http://www.openwall.com/lists/oss-security/2016/05/17/4
Mailing List
Third Party Advisory
http://www.securitytracker.com/id/1035902
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1335933
Issue Tracking
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/05/17/4
Mailing List
Third Party Advisory
http://www.securitytracker.com/id/1035902
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1335933
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.0:beta:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.0:rc1:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.0:rc2:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.13:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.0:rc4:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00379

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

CVE-2016-3729

CVSS3: 6.5

ubuntu

около 8 лет назад

CVE-2016-3729

CVSS3: 6.5

debian

около 8 лет назад

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, ...

GHSA-g96h-wvrm-c2ww

CVSS3: 6.5

github

около 3 лет назад

Moodle Improper Access Control

EPSS

Процентиль: 59%

0.00379

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284