CVE-2016-3733
Published: 20 April 2017
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
moodle Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
|
| bionic |
Not vulnerable
|
|
| cosmic |
Not vulnerable
|
|
| disco |
Not vulnerable
|
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(2.7.14+dfsg-1)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(3.0.3+dfsg-0ubuntu1)
|
|
| yakkety |
Not vulnerable
|
|
| zesty |
Not vulnerable
|
|
|
Patches: upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |