CVE-2016-2158
Publication date 22 May 2016
Last updated 25 August 2025
Ubuntu priority
Cvss 3 Severity Score
Description
lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| moodle | ||
| 18.04 LTS bionic |
Fixed 3.0.3+dfsg-0ubuntu1
|
|
| 16.04 LTS xenial |
Fixed 3.0.3+dfsg-0ubuntu1
|
|
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
4.3 · Medium
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N