CVE-2015-5264

medium

Description

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.

References

https://moodle.org/mod/forum/discuss.php?d=320287

http://www.securitytracker.com/id/1033619

http://www.openwall.com/lists/oss-security/2015/09/21/1

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516

Details

Source: Mitre, NVD

Published: 2016-02-22

Updated: 2020-12-01

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N