First published: Mon Feb 22 2016(Updated: )
Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle | =2.8.0 | |
Moodle | =2.8.1 | |
Moodle | =2.8.2 | |
Moodle | =2.8.3 | |
Moodle | =2.8.4 | |
Moodle | =2.8.5 | |
Moodle | =2.8.6 | |
Moodle | =2.8.7 | |
Moodle | =2.8.8 | |
Moodle | =2.9.0 | |
Moodle | =2.9.1 | |
Moodle | =2.9.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-5332 is classified as a high severity vulnerability due to its potential to cause denial of service by exhausting disk space.
To fix CVE-2015-5332, upgrade Moodle to version 2.8.9 or 2.9.3 or later.
CVE-2015-5332 affects Moodle versions from 2.8.0 to 2.8.8 and 2.9.0 to 2.9.2.
CVE-2015-5332 allows remote attackers to exploit the guest role to cause a denial of service by consuming disk space.
CVE-2015-5332 is a remote vulnerability that can be exploited by attackers leveraging the guest user role.