Vulnerability Details : CVE-2016-3733
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
Vulnerability category: BypassGain privilege
Products affected by CVE-2016-3733
- cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:beta:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:beta:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-3733
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3733
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
8.0
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2016-3733
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3733
-
http://www.openwall.com/lists/oss-security/2016/05/17/4
oss-security - Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14Mailing List;Third Party Advisory
-
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
Official Moodle git projects - moodle.git/searchPatch;Vendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1335933
1335933 – (CVE-2016-3729, CVE-2016-3731, CVE-2016-3732, CVE-2016-3733, CVE-2016-3734) CVE-2016-3729 CVE-2016-3731 CVE-2016-3732 CVE-2016-3733 CVE-2016-3734 moodle: Multiple vulnerabilities fixed in 3.Issue Tracking;Third Party Advisory
-
http://www.securitytracker.com/id/1035902
Moodle Bugs Let Remote Users Access and Modify Data and Conduct Cross-Site Request Forgery Attacks - SecurityTrackerThird Party Advisory;VDB Entry
Jump to