Main Vulnerability Database Vulnerabilities #VU39159

Information disclosure in Moodle - CVE-2016-3731

Published: April 21, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39159

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-3731

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions.

How to mitigate CVE-2016-3731

Install update from vendor's website.

Sources

http://www.openwall.com/lists/oss-security/2016/05/17/4
http://www.securitytracker.com/id/1035902
https://bugzilla.redhat.com/show_bug.cgi?id=1335933

Information disclosure in Moodle - CVE-2016-3731

Detailed vulnerability description

How to mitigate CVE-2016-3731

Sources

Please verify you're human