CVE-2015-5332

Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature.

CVSS v3 6.8 MEDIUM
CVSS v2.0 7.1 HIGH

6.8^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability : 2.2 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51000
https://moodle.org/mod/forum/discuss.php?d=323229	Vendor Advisory
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51000
https://moodle.org/mod/forum/discuss.php?d=323229	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle:2.8.0:::::::*
	cpe:2.3:a:moodle:moodle:2.8.1:::::::*
	cpe:2.3:a:moodle:moodle:2.8.2:::::::*
	cpe:2.3:a:moodle:moodle:2.8.3:::::::*
	cpe:2.3:a:moodle:moodle:2.8.4:::::::*
	cpe:2.3:a:moodle:moodle:2.8.5:::::::*
	cpe:2.3:a:moodle:moodle:2.8.6:::::::*
	cpe:2.3:a:moodle:moodle:2.8.7:::::::*
	cpe:2.3:a:moodle:moodle:2.8.8:::::::*
	cpe:2.3:a:moodle:moodle:2.9.0:::::::*
	cpe:2.3:a:moodle:moodle:2.9.1:::::::*
	cpe:2.3:a:moodle:moodle:2.9.2:::::::*

History

No history.

Information

Published : 2016-02-22 05:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-5332

Mitre link : CVE-2015-5332

CVE.ORG link : CVE-2015-5332

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2015-5332", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.2}]}, "published": "2016-02-22T05:59:12.470", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51000", "source": "secalert@redhat.com"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=323229", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51000", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=323229", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature."}, {"lang": "es", "value": "Atto en Moodle 2.8.x en versiones anteriores a 2.8.9 y 2.9.x en versiones anteriores a 2.9.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de disco) aprovechando el rol invitado e introduciendo borradores con la funcionalidad editor-autosave."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12737AF4-B2D5-4661-B06A-6A06FE95EC2D"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88C59A94-D225-478A-B23E-41C4324BC643"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "192EA69B-A1E1-4E0D-8E73-76EB74CCDE49"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D88385B1-EEFB-4825-BD8F-215C39FD86DA"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3BE2782-D167-4237-B57D-2E4C04571524"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F277F979-12FA-47A5-B0A5-D174C2127A7D"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38498617-8E45-4E73-AE9F-C7A0D18FDE47"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9047769-BFF4-42DB-8B19-F6D16FA910A1"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73A75ACE-FED2-4830-B259-744ABF25463E"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9224D94-1C48-468C-A39B-B2694ED178F4"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C7EE9AD-E122-4288-9416-6D8F8790D75D"}, {"criteria": "cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4FC2CC1-787B-480F-BC41-538CE2507CB7"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}