Lucene search

[email protected]CVE-2018-10890

HistoryJul 10, 2018 - 6:29 p.m.

CVE-2018-10890

2018-07-1018:29:00

CWE-200

[email protected]

web.nvd.nist.gov

moodle

security

vulnerability

cve-2018-10890

course categories

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

50.2%

JSON

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories.

Affected configurations

Vulners

NVD

Node

redhatredhat_package_managerRange≤3.5.1

redhatredhat_package_managerRange≤3.4.4

redhatredhat_package_managerRange≤3.3.7

redhatredhat_package_managerRange≤3.1.13

CPENameOperatorVersion
moodle:moodlemoodlelt3.1.13
moodle:moodlemoodlelt3.3.7
moodle:moodlemoodlelt3.4.4
moodle:moodlemoodlelt3.5.1

CPE	Name	Operator	Version
moodle:moodle	moodle	lt	3.1.13
moodle:moodle	moodle	lt	3.3.7
moodle:moodle	moodle	lt	3.4.4
moodle:moodle	moodle	lt	3.5.1

CNA Affected

[
  {
    "product": "moodle",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "moodle 3.5.1"
      },
      {
        "status": "affected",
        "version": "moodle 3.4.4"
      },
      {
        "status": "affected",
        "version": "moodle 3.3.7"
      },
      {
        "status": "affected",
        "version": "moodle 3.1.13"
      }
    ]
  }
]