CVE-2015-3179

high

Description

login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.

References

https://moodle.org/mod/forum/discuss.php?d=313686

http://www.securitytracker.com/id/1032358

http://www.securityfocus.com/bid/74725

http://openwall.com/lists/oss-security/2015/05/18/1

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090

Details

Source: Mitre, NVD

Published: 2015-06-01

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High