CVE-2015-5331: Moodle improper access control

May 13, 2022 (updated August 1, 2023)

Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50426
github.com/advisories/GHSA-m7cc-6vhg-39wr
github.com/moodle/moodle/commit/cd0c9ac87d75b3d893d61df21e3ecfd12c065c1f
moodle.org/mod/forum/discuss.php?d=323228
nvd.nist.gov/vuln/detail/CVE-2015-5331

Code Behaviors & Features

Detect and mitigate CVE-2015-5331 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →