CVE-2009-4303

2009-12-1601:30:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2009-4303

moodle

security

data breach

nvd

6.1 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.6%

JSON

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified “secrets” in backup files, which might allow attackers to obtain sensitive information.

CPENameOperatorVersion
moodle:moodlemoodleeq1.9.4
moodle:moodlemoodleeq1.9.1
moodle:moodlemoodleeq1.8.8
moodle:moodlemoodleeq1.9.6
moodle:moodlemoodleeq1.8.2
moodle:moodlemoodleeq1.9.2
moodle:moodlemoodleeq1.8.5
moodle:moodlemoodleeq1.8.3
moodle:moodlemoodleeq1.8.9
moodle:moodlemoodleeq1.8.7

CPE	Name	Operator	Version
moodle:moodle	moodle	eq	1.9.4
moodle:moodle	moodle	eq	1.9.1
moodle:moodle	moodle	eq	1.8.8
moodle:moodle	moodle	eq	1.9.6
moodle:moodle	moodle	eq	1.8.2
moodle:moodle	moodle	eq	1.9.2
moodle:moodle	moodle	eq	1.8.5
moodle:moodle	moodle	eq	1.8.3
moodle:moodle	moodle	eq	1.8.9
moodle:moodle	moodle	eq	1.8.7