CVE-2015-5340: Exposure of Sensitive Information to an Unauthorized Actor

May 13, 2022 (updated August 1, 2023)

Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51684
github.com/advisories/GHSA-mmvj-j7hq-rx85
github.com/moodle/moodle/commit/47d5c29202e299fdbe54229d3f6b0c381835eae3
moodle.org/mod/forum/discuss.php?d=323235
nvd.nist.gov/vuln/detail/CVE-2015-5340

Code Behaviors & Features

Detect and mitigate CVE-2015-5340 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →