CVE-2015-3179

EUVD-2022-2418
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
moodlemoodle
𝑥
≤ 2.5.9
moodlemoodle
2.5.0
moodlemoodle
2.5.1
moodlemoodle
2.5.2
moodlemoodle
2.5.3
moodlemoodle
2.5.4
moodlemoodle
2.5.5
moodlemoodle
2.5.6
moodlemoodle
2.5.7
moodlemoodle
2.5.8
moodlemoodle
2.6.0
moodlemoodle
2.6.1
moodlemoodle
2.6.2
moodlemoodle
2.6.3
moodlemoodle
2.6.4
moodlemoodle
2.6.5
moodlemoodle
2.6.6
moodlemoodle
2.6.7
moodlemoodle
2.6.8
moodlemoodle
2.6.9
moodlemoodle
2.6.10
moodlemoodle
2.7.0
moodlemoodle
2.7.1
moodlemoodle
2.7.2
moodlemoodle
2.7.3
moodlemoodle
2.7.4
moodlemoodle
2.7.5
moodlemoodle
2.7.6
moodlemoodle
2.7.7
moodlemoodle
2.8.0
moodlemoodle
2.8.1
moodlemoodle
2.8.2
moodlemoodle
2.8.3
moodlemoodle
2.8.4
moodlemoodle
2.8.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moodle
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
precise
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090
http://openwall.com/lists/oss-security/2015/05/18/1
http://www.securityfocus.com/bid/74725
http://www.securitytracker.com/id/1032358
https://moodle.org/mod/forum/discuss.php?d=313686
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090
http://openwall.com/lists/oss-security/2015/05/18/1
http://www.securityfocus.com/bid/74725
http://www.securitytracker.com/id/1032358
https://moodle.org/mod/forum/discuss.php?d=313686