CVE-2016-0724

The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.
Severity
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
moodlemoodle
𝑥
≤ 2.6.11
moodlemoodle
2.7.0
moodlemoodle
2.7.1
moodlemoodle
2.7.2
moodlemoodle
2.7.3
moodlemoodle
2.7.4
moodlemoodle
2.7.5
moodlemoodle
2.7.6
moodlemoodle
2.7.7
moodlemoodle
2.7.8
moodlemoodle
2.7.9
moodlemoodle
2.7.10
moodlemoodle
2.7.11
moodlemoodle
2.8.0
moodlemoodle
2.8.1
moodlemoodle
2.8.2
moodlemoodle
2.8.3
moodlemoodle
2.8.4
moodlemoodle
2.8.5
moodlemoodle
2.8.6
moodlemoodle
2.8.7
moodlemoodle
2.8.8
moodlemoodle
2.8.9
moodlemoodle
2.9.0
moodlemoodle
2.9.1
moodlemoodle
2.9.2
moodlemoodle
2.9.3
moodlemoodle
3.0.0
moodlemoodle
3.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moodle
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
ignored
vivid
ignored
trusty
dne
precise
ignored