CVE-2015-5331 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-5331 Interim 1 3 2021-06-09T09:38:58Z current 2021-05-30T13:32:05Z 2021-06-09T09:38:58Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-5331 Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API. CVE-2015-5331 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N