CVE-2016-2157 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 26%

Affected Products (NVD)

Vendor	Product	Version
moodle	moodle	𝑥 ≤ 2.6.11
moodle	moodle	2.7.0
moodle	moodle	2.7.1
moodle	moodle	2.7.2
moodle	moodle	2.7.3
moodle	moodle	2.7.4
moodle	moodle	2.7.5
moodle	moodle	2.7.6
moodle	moodle	2.7.7
moodle	moodle	2.7.8
moodle	moodle	2.7.9
moodle	moodle	2.7.10
moodle	moodle	2.7.11
moodle	moodle	2.7.12
moodle	moodle	2.8.0
moodle	moodle	2.8.1
moodle	moodle	2.8.2
moodle	moodle	2.8.3
moodle	moodle	2.8.4
moodle	moodle	2.8.5
moodle	moodle	2.8.6
moodle	moodle	2.8.7
moodle	moodle	2.8.8
moodle	moodle	2.8.9
moodle	moodle	2.8.10
moodle	moodle	2.9.0
moodle	moodle	2.9.1
moodle	moodle	2.9.2
moodle	moodle	2.9.3
moodle	moodle	2.9.4
moodle	moodle	3.0.0
moodle	moodle	3.0.1
moodle	moodle	3.0.2

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

moodle

artful	ignored
bionic	Fixed 3.0.3+dfsg-0ubuntu1 released
cosmic	Fixed 3.0.3+dfsg-0ubuntu1 released
disco	Fixed 3.0.3+dfsg-0ubuntu1 released
precise	ignored
trusty	dne
wily	ignored
xenial	Fixed 3.0.3+dfsg-0ubuntu1 released
yakkety	ignored
zesty	ignored

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031

http://www.openwall.com/lists/oss-security/2016/03/21/1

http://www.securitytracker.com/id/1035333

https://moodle.org/mod/forum/discuss.php?d=330179

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031

http://www.openwall.com/lists/oss-security/2016/03/21/1

http://www.securitytracker.com/id/1035333

https://moodle.org/mod/forum/discuss.php?d=330179