CVE-2015-6671

openedx/edx-platform

on github

Published

March 13, 2017

Severity

CVSS v3:

5.9 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.

References

https://open.edx.org/CVE-2015-6671
https://github.com/edx/edx-platform/pull/9471

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:edx:edx-platform::::::::	n/a	2015-08-20 (including)	*

External Links

NVD - CVE-2015-6671