Description
lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.
Release | Status | Note |
---|---|---|
artful | ignored | end of life |
bionic | released | 3.0.3+dfsg-0ubuntu1 |
cosmic | released | 3.0.3+dfsg-0ubuntu1 |
devel | released | 3.0.3+dfsg-0ubuntu1 |
disco | released | 3.0.3+dfsg-0ubuntu1 |
esm-apps/bionic | released | 3.0.3+dfsg-0ubuntu1 |
esm-apps/xenial | released | 3.0.3+dfsg-0ubuntu1 |
esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
precise | ignored | end of life |
precise/esm | DNE | precise was needs-triage |
EPSS
CVSS2: 4 Medium
CVSS3: 4.3 Medium
Related vulnerabilities
lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.
lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.1 ...
Moodle allows attackers to obtain sensitive category-detail information