CVE-2015-3177

Publication date 1 June 2015

Last updated 24 July 2024


Ubuntu priority

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.

Read the notes from the security team

Status

Package Ubuntu Release Status
moodle 15.04 vivid
Not affected
14.10 utopic
Not affected
14.04 LTS trusty Not in release
12.04 LTS precise
Not affected

Notes


sbeattie

moodle 2.8 only