Medium severity4.3NVD Advisory· Published Feb 22, 2016· Updated Jun 17, 2026
CVE-2015-5268
CVE-2015-5268
Description
The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | < 2.7.10 | 2.7.10 |
moodle/moodlePackagist | >= 2.8.0, < 2.8.8 | 2.8.8 |
moodle/moodlePackagist | >= 2.9.0, < 2.9.2 | 2.9.2 |
Affected products
22cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=2.6.11
- cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-h34c-px28-rjgwghsaADVISORY
- moodle.org/mod/forum/discuss.phpnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2015-5268ghsaADVISORY
- www.openwall.com/lists/oss-security/2015/09/21/1nvdWEB
- www.securitytracker.com/id/1033619nvdWEB
- github.com/moodle/moodle/commit/20ff15e22b4f0abebe1ab5fbfd1d681c88765e2aghsaWEB
- github.com/moodle/moodle/commit/4015226623111438158fa762b7ce61f6cf677665ghsaWEB
- github.com/moodle/moodle/commit/731c2712e746053b1ca06b50118632305b447e02ghsaWEB
- github.com/moodle/moodle/commit/fa57105063129eed83bf09d83348681501ff5b64ghsaWEB
News mentions
0No linked articles in our index yet.