Candidate: CVE-2015-5342
PublicDate: 2016-02-22 05:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5342
 https://moodle.org/mod/forum/discuss.php?d=323237#p1297708
Description:
 The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x
 before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to
 bypass intended access restrictions by visiting a URL to add or delete
 responses in the closed state.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Juan Leyva
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N [4.3 MEDIUM]

Patches_moodle:
upstream_moodle: released (2.7.11+dfsg-1, 2.9.3, 2.8.9 and 2.7.11)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
trusty_moodle: ignored (reached end-of-life)
trusty/esm_moodle: DNE (trusty was needed)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.7.11+dfsg-2)
yakkety_moodle: not-affected (2.7.11+dfsg-2)
zesty_moodle: not-affected (2.7.11+dfsg-2)
artful_moodle: not-affected (2.7.11+dfsg-2)
bionic_moodle: not-affected (2.7.11+dfsg-2)
cosmic_moodle: not-affected (2.7.11+dfsg-2)
disco_moodle: not-affected (2.7.11+dfsg-2)
devel_moodle: not-affected (2.7.11+dfsg-2)