CVE-2015-5266
N/A
N/A
Summary
The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744
- https://moodle.org/mod/forum/discuss.php?d=320290
- http://www.openwall.com/lists/oss-security/2015/09/21/1
- http://www.securitytracker.com/id/1033619
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744
- https://moodle.org/mod/forum/discuss.php?d=320290
- http://www.openwall.com/lists/oss-security/2015/09/21/1
- http://www.securitytracker.com/id/1033619
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.