mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
118 lines
3.5 KiB
JSON
118 lines
3.5 KiB
JSON
{
|
|
"id": "CVE-2015-5331",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2016-02-22T05:59:11.393",
|
|
"lastModified": "2020-12-01T14:52:48.667",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Moodle 2.9.x en versiones anteriores a 2.9.3 no comprueba adecuadamente la lista de contactos antes de autorizar la transmisi\u00f3n del mensaje, lo que permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y llevar a cabo ataques de spam a trav\u00e9s de la API messaging."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 1.4
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-254"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C9224D94-1C48-468C-A39B-B2694ED178F4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1C7EE9AD-E122-4288-9416-6D8F8790D75D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C4FC2CC1-787B-480F-BC41-538CE2507CB7"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50426",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://moodle.org/mod/forum/discuss.php?d=323228",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |