Vulnerability Details CVE-2015-2186
The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not changed.
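The failure mode in this description, as an added example that is not code from edX or from the CVE record: a non-empty string such as "False" is truthy in Python, so a truthiness test on the flag allows every origin, and a type check on the loaded setting catches the mistake. The JSON config shape, the simplified `origin_allowed` check, the whitelist key, the validator, and the hostnames are assumptions made for illustration.

```python
import json

# Settings that must be real booleans after loading (illustrative list).
BOOLEAN_SETTINGS = ("CORS_ORIGIN_ALLOW_ALL",)


def origin_allowed(settings, origin):
    """Simplified CORS decision (assumed shape): truthiness test on the
    allow-all flag, then a whitelist lookup."""
    if settings.get("CORS_ORIGIN_ALLOW_ALL"):
        return True
    return origin in settings.get("CORS_ORIGIN_WHITELIST", ())


def validate_boolean_settings(settings, names=BOOLEAN_SETTINGS):
    """Return a list of problems; each flag must be a bool, not a string."""
    problems = []
    for name in names:
        value = settings.get(name, False)
        if not isinstance(value, bool):
            problems.append(
                f"{name} is {type(value).__name__} {value!r}, expected bool"
            )
    return problems


# Constructed sample configs: the only difference is the quoting of the flag.
WEAK_JSON = (
    '{"CORS_ORIGIN_ALLOW_ALL": "False",'
    ' "CORS_ORIGIN_WHITELIST": ["courses.example.org"]}'
)
FIXED_JSON = (
    '{"CORS_ORIGIN_ALLOW_ALL": false,'
    ' "CORS_ORIGIN_WHITELIST": ["courses.example.org"]}'
)

weak = json.loads(WEAK_JSON)    # flag loads as the str "False" (truthy)
fixed = json.loads(FIXED_JSON)  # flag loads as the bool False

if __name__ == "__main__":
    for label, cfg in (("weak", weak), ("fixed", fixed)):
        print(label,
              "| untrusted origin allowed:",
              origin_allowed(cfg, "untrusted.example.net"),
              "| problems:", validate_boolean_settings(cfg))
```

Running a check like `validate_boolean_settings` at startup or in CI turns a quoted flag into a hard failure instead of a silently permissive CORS policy.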
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2015-2186
- cpe:2.3:a:edx:configuration:1.0
- cpe:2.3:a:edx:edx-platform:-
- cpe:2.3:a:edx:edx-platform:1.6.0