CVE-2015-5264
First published: Mon Feb 22 2016(Updated: )
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/moodle/moodle | >=2.9.0<2.9.2 | 2.9.2 |
| composer/moodle/moodle | >=2.8.0<2.8.8 | 2.8.8 |
| composer/moodle/moodle | >=2.7.0<2.7.10 | 2.7.10 |
| Moodle | <=2.6.11 | |
| Moodle | =2.7.0 | |
| Moodle | =2.7.1 | |
| Moodle | =2.7.2 | |
| Moodle | =2.7.3 | |
| Moodle | =2.7.4 | |
| Moodle | =2.7.5 | |
| Moodle | =2.7.6 | |
| Moodle | =2.7.7 | |
| Moodle | =2.7.8 | |
| Moodle | =2.7.9 | |
| Moodle | =2.8.0 | |
| Moodle | =2.8.1 | |
| Moodle | =2.8.2 | |
| Moodle | =2.8.3 | |
| Moodle | =2.8.4 | |
| Moodle | =2.8.5 | |
| Moodle | =2.8.6 | |
| Moodle | =2.8.7 | |
| Moodle | =2.9.0 | |
| Moodle | =2.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516
- http://www.openwall.com/lists/oss-security/2015/09/21/1
- http://www.securitytracker.com/id/1033619
- https://moodle.org/mod/forum/discuss.php?d=320287
- https://nvd.nist.gov/vuln/detail/CVE-2015-5264
- https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84
- https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869
- https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091
- https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc
- https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4
- https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d
- https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840
- https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac
- https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca
- https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356
- https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619
- https://github.com/advisories/GHSA-mm9q-3847-m48x (Advisory)
Frequently Asked Questions
What is the severity of CVE-2015-5264?
CVE-2015-5264 has a medium severity rating due to its potential for access control bypass by authenticated users.
How do I fix CVE-2015-5264?
To fix CVE-2015-5264, upgrade to Moodle version 2.7.10, 2.8.8, or 2.9.2 or later.
Which versions of Moodle are affected by CVE-2015-5264?
CVE-2015-5264 affects Moodle versions 2.6.11 and earlier, 2.7.x prior to 2.7.10, 2.8.x prior to 2.8.8, and 2.9.x prior to 2.9.2.
What does CVE-2015-5264 allow attackers to do?
CVE-2015-5264 allows remote authenticated users to bypass access restrictions and submit additional answer attempts.
Is there a permanent solution for CVE-2015-5264?
Yes, the permanent solution is to keep Moodle updated to the latest version beyond the patched versions.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-mm9q-3847-m48x
- alias/CVE-2015-5264
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/severity
- agent/softwarecombine
- agent/description
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/moodle
- canonical/moodle
- version/moodle/2.6.11
- version/moodle/2.7.0
- version/moodle/2.7.1
- version/moodle/2.7.2
- version/moodle/2.7.3
- version/moodle/2.7.4
- version/moodle/2.7.5
- version/moodle/2.7.6
- version/moodle/2.7.7
- version/moodle/2.7.8
- version/moodle/2.7.9
- version/moodle/2.8.0
- version/moodle/2.8.1
- version/moodle/2.8.2
- version/moodle/2.8.3
- version/moodle/2.8.4
- version/moodle/2.8.5
- version/moodle/2.8.6
- version/moodle/2.8.7
- version/moodle/2.9.0
- version/moodle/2.9.1