Description

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.

Remediation

References

CVE-2015-3177

Related Vulnerabilities

OpenVPN AS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-2692)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-16854)

OpenSSL CVE-2021-4160 Vulnerability (CVE-2021-4160)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9281)

WebLogic CVE-2021-2136 Vulnerability (CVE-2021-2136)

Severity

Low

Classification

CVE-2015-3177

Tags

Missing Update Known Vulnerabilities