CVE-2016-5012 - OpenCVE

In Moodle 3.x, glossary search displays entries without checking user permissions to view them.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moodle	Moodle

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle:3.1.0:::::::*
	cpe:2.3:a:moodle:moodle:3.1.0:beta::::::
	cpe:2.3:a:moodle:moodle:3.1.0:rc1::::::
	cpe:2.3:a:moodle:moodle:3.1.0:rc2::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/92041
https://moodle.org/mod/forum/discuss.php?d=336697

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-20T08:39:00

Updated: 2024-08-06T00:46:40.228Z

Reserved: 2016-05-24T00:00:00

Link: CVE-2016-5012

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-01-20T08:59:00.190

Modified: 2017-01-25T20:21:42.533

Link: CVE-2016-5012

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-01-20T00:00:00", "descriptions": [{"lang": "en", "value": "In Moodle 3.x, glossary search displays entries without checking user permissions to view them."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-20T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "92041", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92041"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://moodle.org/mod/forum/discuss.php?d=336697"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-5012", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Moodle 3.x, glossary search displays entries without checking user permissions to view them."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "92041", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92041"}, {"name": "https://moodle.org/mod/forum/discuss.php?d=336697", "refsource": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=336697"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:46:40.228Z"}, "title": "CVE Program Container", "references": [{"name": "92041", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92041"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://moodle.org/mod/forum/discuss.php?d=336697"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-5012", "datePublished": "2017-01-20T08:39:00", "dateReserved": "2016-05-24T00:00:00", "dateUpdated": "2024-08-06T00:46:40.228Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0033EC68-98DB-42E6-A256-EFA05F6EC72E", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:3.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "A1F5E2DD-495F-4C4E-92B9-5481D432BC12", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:3.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "16158B28-FE97-4BF3-BCDF-D754B5158825", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:3.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "C8B58722-61EF-4283-A434-A022583C528A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Moodle 3.x, glossary search displays entries without checking user permissions to view them."}, {"lang": "es", "value": "En Moodle 3.x, la b\u00fasqueda de glosario muestra entradas sin verificar los permisos de usuario para verlas."}], "id": "CVE-2016-5012", "lastModified": "2017-01-25T20:21:42.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-20T08:59:00.190", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92041"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=336697"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}