Candidate: CVE-2016-2158
PublicDate: 2016-05-22 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2158
 https://moodle.org/mod/forum/discuss.php?d=330180
Description:
 lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13,
 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the
 forcelogin feature is enabled, allows remote attackers to obtain sensitive
 category-detail information from the navigation branch by leveraging the
 guest role for an Ajax request.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]

Patches_moodle:
upstream_moodle: released (2.7.13+dfsg-1)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needs-triage)
trusty_moodle: ignored (reached end-of-life)
trusty/esm_moodle: DNE (trusty was needed)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: released (3.0.3+dfsg-0ubuntu1)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: released (3.0.3+dfsg-0ubuntu1)
cosmic_moodle: released (3.0.3+dfsg-0ubuntu1)
disco_moodle: released (3.0.3+dfsg-0ubuntu1)
devel_moodle: released (3.0.3+dfsg-0ubuntu1)