What is the severity of CVE-2015-5342?

CVE-2015-5342 is classified as a medium severity vulnerability.

How do I fix CVE-2015-5342?

To fix CVE-2015-5342, update your Moodle installation to versions 2.7.11, 2.8.9, or 2.9.3 and above.

What types of access restrictions are bypassed by CVE-2015-5342?

CVE-2015-5342 allows remote authenticated users to bypass access restrictions to add or delete responses in the closed state.

Which versions of Moodle are affected by CVE-2015-5342?

CVE-2015-5342 affects Moodle versions through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3.

What module in Moodle is vulnerable to CVE-2015-5342?

The choice module in Moodle is vulnerable to CVE-2015-5342.

Vulnerability/
CVE-2015-5342

medium

4.3

CWE

264

22/2/2016

13/5/2022

6/8/2024

CVE-2015-5342

First published: Mon Feb 22 2016(Updated: )

The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
composer/moodle/moodle	>=2.9.0<2.9.3	2.9.3
composer/moodle/moodle	>=2.8.0<2.8.9	2.8.9
composer/moodle/moodle	<2.7.11	2.7.11
Moodle	<=2.6.11
Moodle	=2.7.0
Moodle	=2.7.1
Moodle	=2.7.2
Moodle	=2.7.3
Moodle	=2.7.4
Moodle	=2.7.5
Moodle	=2.7.6
Moodle	=2.7.7
Moodle	=2.7.8
Moodle	=2.7.9
Moodle	=2.7.10
Moodle	=2.8.0
Moodle	=2.8.1
Moodle	=2.8.2
Moodle	=2.8.3
Moodle	=2.8.4
Moodle	=2.8.5
Moodle	=2.8.6
Moodle	=2.8.7
Moodle	=2.8.8
Moodle	=2.9.0
Moodle	=2.9.1
Moodle	=2.9.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-5342?
CVE-2015-5342 is classified as a medium severity vulnerability.
How do I fix CVE-2015-5342?
To fix CVE-2015-5342, update your Moodle installation to versions 2.7.11, 2.8.9, or 2.9.3 and above.
What types of access restrictions are bypassed by CVE-2015-5342?
CVE-2015-5342 allows remote authenticated users to bypass access restrictions to add or delete responses in the closed state.
Which versions of Moodle are affected by CVE-2015-5342?
CVE-2015-5342 affects Moodle versions through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3.
What module in Moodle is vulnerable to CVE-2015-5342?
The choice module in Moodle is vulnerable to CVE-2015-5342.

collector/github-advisory-latest
source/GitHub
alias/GHSA-6xpm-q8x9-j3rw
alias/CVE-2015-5342
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/references
agent/type
agent/description
agent/author
agent/softwarecombine
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/composer
vendor/moodle
canonical/moodle
version/moodle/2.6.11
version/moodle/2.7.0
version/moodle/2.7.1
version/moodle/2.7.2
version/moodle/2.7.3
version/moodle/2.7.4
version/moodle/2.7.5
version/moodle/2.7.6
version/moodle/2.7.7
version/moodle/2.7.8
version/moodle/2.7.9
version/moodle/2.7.10
version/moodle/2.8.0
version/moodle/2.8.1
version/moodle/2.8.2
version/moodle/2.8.3
version/moodle/2.8.4
version/moodle/2.8.5
version/moodle/2.8.6
version/moodle/2.8.7
version/moodle/2.8.8
version/moodle/2.9.0
version/moodle/2.9.1
version/moodle/2.9.2