The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.12, 2.8.x prior to 2.8.10, 2.9.x prior to 2.9.4, and 3.0.x prior to 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 2.7.10 |
||
moodle moodle 2.8.9 |
||
moodle moodle 2.8.6 |
||
moodle moodle 2.8.5 |
||
moodle moodle 2.7.8 |
||
moodle moodle 2.7.7 |
||
moodle moodle 2.7.6 |
||
moodle moodle |
||
moodle moodle 3.0.0 |
||
moodle moodle 2.7.11 |
||
moodle moodle 2.9.0 |
||
moodle moodle 2.8.7 |
||
moodle moodle 2.8.0 |
||
moodle moodle 2.7.9 |
||
moodle moodle 2.7.1 |
||
moodle moodle 2.7.0 |
||
moodle moodle 3.0.1 |
||
moodle moodle 2.9.2 |
||
moodle moodle 2.9.1 |
||
moodle moodle 2.8.2 |
||
moodle moodle 2.8.1 |
||
moodle moodle 2.7.3 |
||
moodle moodle 2.7.2 |
||
moodle moodle 2.8.8 |
||
moodle moodle 2.9.3 |
||
moodle moodle 2.8.4 |
||
moodle moodle 2.8.3 |
||
moodle moodle 2.7.5 |
||
moodle moodle 2.7.4 |
||
fedoraproject fedora 22 |
||
fedoraproject fedora 23 |