Vulnerability Name: CVE-2016-2157 (CCN-111595)
Assigned: 2016-03-21
Published: 2016-03-21
Updated: 2020-12-01
Summary: Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.
CVSS v3 Severity:
  8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
  7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-352
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2016-2157
  Source: CONFIRM Type: UNKNOWN http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031
  Source: CCN Type: SECTRACK ID: 1035333 Moodle Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Bypass Security Restrictions and Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks
  Source: MLIST Type: UNKNOWN [oss-security] 20160321 moodle security release
  Source: SECTRACK Type: UNKNOWN 1035333
  Source: XF Type: UNKNOWN moodle-cve20162157-csrf(111595)
  Source: CONFIRM Type: Vendor Advisory https://moodle.org/mod/forum/discuss.php?d=330179
  Source: CCN Type: Moodle Security Advisory MSA-16-0009 CSRF in Assignment plugin management page
  Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-2157
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable