nvd-json-data-feeds/CVE-2015/CVE-2015-02xx/CVE-2015-0211.json

{
  "id": "CVE-2015-0211",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2015-06-01T19:59:00.073",
  "lastModified": "2020-12-01T14:54:45.183",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service."
    },
    {
      "lang": "es",
      "value": "mod/lti/ajax.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.7, 2.7.x anterior a 2.7.4, y 2.8.x anterior a 2.8.2 no considera las capacidades moodle/course:manageactivities y mod/lti:addinstance antes de proceder con b\u00fasquedas de listas de herramientas registradas, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de solicitudes al servicio LTI Ajax."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "2.5.9",
              "matchCriteriaId": "83F79402-5EA5-42D8-8292-8C71C8BA748F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD1B5B42-ECA9-4888-B18E-AD8D282311DB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF03304-032C-4E85-A802-7CDAC89216FA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "311BEFF3-A58A-4CA8-BE09-F8D081EA13A8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7D2A1F8-82FF-4C1A-A872-71D93874EEAD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E79BB0-6017-441C-9B10-00E55FDF0986"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA845882-C0F4-4522-94B2-9AA21A08887A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F341A8-0AC8-4033-8C99-0249B7289F9E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE1A520-762B-4A35-8075-ED4ECA0A1CB3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9803CBE2-80A6-47EB-A782-CC8F1E66FBD9"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05112EC5-3AAA-499B-8763-345187529C09"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71407960-077B-4407-B249-789436687D91"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72728F94-D408-4CAD-A214-800B1D1C7971"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C1E9B5-6B2B-4230-92F2-EC0FB307ECF4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6925A366-37EB-41ED-85C8-B56D6A93D4EB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6400F9D-9654-444F-9EBB-0F73025AD744"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "66ED87A3-8237-4182-BEF5-052346067737"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E051AAC-EB40-491F-AF0E-EE8143C12567"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADBE87F-1855-453B-B958-0CB8A7908A06"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B53A7D2-BDA2-4185-97C3-977A04876A37"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A51DFFA8-DFF0-429C-B697-F82F41621FEE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12737AF4-B2D5-4661-B06A-6A06FE95EC2D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://openwall.com/lists/oss-security/2015/01/19/1",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://moodle.org/mod/forum/discuss.php?d=278611",
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}