CVE-2016-0724 — Vulnetix

CVE-2016-0724 REJECTED

The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.

EPSS 0.58% · 69.3th percentile

Risk Scores

EPSS Score

0.58%

69.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	moodle	0, 2.7.9+dfsg-1, 2.7.10+dfsg-1

Exploit Intelligence

1034694 (circl)
https://moodle.org/mod/forum/discuss.php?d=326205 (circl)
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52072 (circl)
[oss-security] 20160118 [vs] moodle security release (circl)
FEDORA-2016-fb2597f4eb (circl)
FEDORA-2016-1c10ab3c35 (circl)

Timeline

Jan 20, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-0724 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-0724 third-party-advisory

Open in Interactive Console →