#VU39811 Permissions, Privileges, and Access Controls in Moodle - CVE-2016-8644
Published: January 20, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU39811
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-8644
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Moodle
Moodle
Software vendor:
moodle.org
moodle.org
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
Remediation
Install update from vendor's website.