Lucene search

K
githubGitHub Advisory DatabaseGHSA-273W-7FXJ-PCP6
HistoryMar 06, 2023 - 9:30 p.m.

Moodle vulnerable to Uncontrolled Resource Consumption

2023-03-0621:30:18
CWE-400
CWE-674
GitHub Advisory Database
github.com
9
moodle
file repository
recursion handling
denial of service
software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.2%

In Moodle, the file repository’s URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.

Affected configurations

Vulners
Node
moodlemoodleRange<3.9.8
OR
moodlemoodleRange<3.10.5
OR
moodlemoodleRange<3.11.1

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.2%