CVE-2016-0724

Published on: 02/21/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Certain versions of Fedora from Fedoraproject contain the following vulnerability:

The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.

  • CVE-2016-0724 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 4.3 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED LOW NONE NONE

CVSS2 Score: 4 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
Official Moodle git projects - moodle.git/search git.moodle.org
text/xml
URL Logo CONFIRM git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52072
[SECURITY] Fedora 23 Update: moodle-2.9.4-1.fc23 Third Party Advisory
lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2016-1c10ab3c35
oss-security - [vs] moodle security release www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160118 [vs] moodle security release
Moodle.org: MSA-16-0001: Two enrolment-related web services don't check course visibility Vendor Advisory
moodle.org
text/html
URL Logo CONFIRM moodle.org/mod/forum/discuss.php?d=326205
Moodle Bugs Let Remote Users Access Hidden Course and Conduct Cross-Site Scripting Attacks - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1034694
[SECURITY] Fedora 22 Update: moodle-2.8.10-1.fc22 Third Party Advisory
lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2016-fb2597f4eb

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
FedoraprojectFedora22AllAllAll
Operating
System
FedoraprojectFedora23AllAllAll
Operating
System
FedoraprojectFedora22AllAllAll
Operating
System
FedoraprojectFedora23AllAllAll
ApplicationMoodleMoodle2.7.0AllAllAll
ApplicationMoodleMoodle2.7.1AllAllAll
ApplicationMoodleMoodle2.7.10AllAllAll
ApplicationMoodleMoodle2.7.11AllAllAll
ApplicationMoodleMoodle2.7.2AllAllAll
ApplicationMoodleMoodle2.7.3AllAllAll
ApplicationMoodleMoodle2.7.4AllAllAll
ApplicationMoodleMoodle2.7.5AllAllAll
ApplicationMoodleMoodle2.7.6AllAllAll
ApplicationMoodleMoodle2.7.7AllAllAll
ApplicationMoodleMoodle2.7.8AllAllAll
ApplicationMoodleMoodle2.7.9AllAllAll
ApplicationMoodleMoodle2.8.0AllAllAll
ApplicationMoodleMoodle2.8.1AllAllAll
ApplicationMoodleMoodle2.8.2AllAllAll
ApplicationMoodleMoodle2.8.3AllAllAll
ApplicationMoodleMoodle2.8.4AllAllAll
ApplicationMoodleMoodle2.8.5AllAllAll
ApplicationMoodleMoodle2.8.6AllAllAll
ApplicationMoodleMoodle2.8.7AllAllAll
ApplicationMoodleMoodle2.8.8AllAllAll
ApplicationMoodleMoodle2.8.9AllAllAll
ApplicationMoodleMoodle2.9.0AllAllAll
ApplicationMoodleMoodle2.9.1AllAllAll
ApplicationMoodleMoodle2.9.2AllAllAll
ApplicationMoodleMoodle2.9.3AllAllAll
ApplicationMoodleMoodle3.0.0AllAllAll
ApplicationMoodleMoodle3.0.1AllAllAll
ApplicationMoodleMoodle2.7.0AllAllAll
ApplicationMoodleMoodle2.7.1AllAllAll
ApplicationMoodleMoodle2.7.10AllAllAll
ApplicationMoodleMoodle2.7.11AllAllAll
ApplicationMoodleMoodle2.7.2AllAllAll
ApplicationMoodleMoodle2.7.3AllAllAll
ApplicationMoodleMoodle2.7.4AllAllAll
ApplicationMoodleMoodle2.7.5AllAllAll
ApplicationMoodleMoodle2.7.6AllAllAll
ApplicationMoodleMoodle2.7.7AllAllAll
ApplicationMoodleMoodle2.7.8AllAllAll
ApplicationMoodleMoodle2.7.9AllAllAll
ApplicationMoodleMoodle2.8.0AllAllAll
ApplicationMoodleMoodle2.8.1AllAllAll
ApplicationMoodleMoodle2.8.2AllAllAll
ApplicationMoodleMoodle2.8.3AllAllAll
ApplicationMoodleMoodle2.8.4AllAllAll
ApplicationMoodleMoodle2.8.5AllAllAll
ApplicationMoodleMoodle2.8.6AllAllAll
ApplicationMoodleMoodle2.8.7AllAllAll
ApplicationMoodleMoodle2.8.8AllAllAll
ApplicationMoodleMoodle2.8.9AllAllAll
ApplicationMoodleMoodle2.9.0AllAllAll
ApplicationMoodleMoodle2.9.1AllAllAll
ApplicationMoodleMoodle2.9.2AllAllAll
ApplicationMoodleMoodle2.9.3AllAllAll
ApplicationMoodleMoodle3.0.0AllAllAll
ApplicationMoodleMoodle3.0.1AllAllAll
ApplicationMoodleMoodleAllAllAllAll
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*: