CVE Vulnerabilities

CVE-2015-5342

Published: Feb 22, 2016 | Modified: Nov 21, 2024
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.

Affected Software 

Name Vendor Start Version End Version
Moodle Moodle * 2.6.11 (including)
Moodle Moodle 2.7.0 (including) 2.7.0 (including)
Moodle Moodle 2.7.1 (including) 2.7.1 (including)
Moodle Moodle 2.7.2 (including) 2.7.2 (including)
Moodle Moodle 2.7.3 (including) 2.7.3 (including)
Moodle Moodle 2.7.4 (including) 2.7.4 (including)
Moodle Moodle 2.7.5 (including) 2.7.5 (including)
Moodle Moodle 2.7.6 (including) 2.7.6 (including)
Moodle Moodle 2.7.7 (including) 2.7.7 (including)
Moodle Moodle 2.7.8 (including) 2.7.8 (including)
Moodle Moodle 2.7.9 (including) 2.7.9 (including)
Moodle Moodle 2.7.10 (including) 2.7.10 (including)
Moodle Moodle 2.8.0 (including) 2.8.0 (including)
Moodle Moodle 2.8.1 (including) 2.8.1 (including)
Moodle Moodle 2.8.2 (including) 2.8.2 (including)
Moodle Moodle 2.8.3 (including) 2.8.3 (including)
Moodle Moodle 2.8.4 (including) 2.8.4 (including)
Moodle Moodle 2.8.5 (including) 2.8.5 (including)
Moodle Moodle 2.8.6 (including) 2.8.6 (including)
Moodle Moodle 2.8.7 (including) 2.8.7 (including)
Moodle Moodle 2.8.8 (including) 2.8.8 (including)
Moodle Moodle 2.9.0 (including) 2.9.0 (including)
Moodle Moodle 2.9.1 (including) 2.9.1 (including)
Moodle Moodle 2.9.2 (including) 2.9.2 (including)
Moodle Ubuntu precise *
Moodle Ubuntu trusty *
Moodle Ubuntu upstream *
Moodle Ubuntu vivid *
Moodle Ubuntu wily *

References