Permissions, Privileges, and Access Controls in Moodle - CVE-2015-5264

 


Published: February 22, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU40469
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2015-5264
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software: Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to read and manipulate data.

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.


How to mitigate CVE-2015-5264

Install the update from the vendor's website.
