Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-774Q-WFCP-VC2Q
HistoryMay 24, 2022 - 5:11 p.m.

Moodle Email media URL tokens were not checking for user status

2022-05-2417:11:48
CWE-285
CWE-862
GitHub Advisory Database
github.com
4
moodle
email
media
url
tokens
vulnerability
notifications
inline attachments
user status
account
active
file path

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

32.6%

JSON

A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user’s account was no longer active. Note: to access files, a user would need to know the file path, and their token.

Affected configurations

Vulners
Node
moodlemoodleRange3.73.7.3
OR
moodlemoodleRange3.63.6.7
VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Related

osv 2
cve 1
ubuntucve 1
cvelist 1
openvas 1
symantec 1
veracode 1
prion 1
nvd 1
osv
osv
CVE-2019-14883
2020-03-18 13:15:12
Moodle Email media URL tokens were not checking for user status
2022-05-24 17:11:48
cve
cve
CVE-2019-14883
2020-03-18 13:15:12
ubuntucve
ubuntucve
CVE-2019-14883
2020-03-18 00:00:00
cvelist
cvelist
CVE-2019-14883
2020-03-18 12:16:16
openvas
openvas
Moodle 3.6.x < 3.6.7, 3.7.x < 3.7.3 Multiple Vulnerabilities
2019-11-20 00:00:00
symantec
symantec
Moodle CVE-2019-14883 Remote Security Vulnerability
2019-11-18 00:00:00
veracode
veracode
Information Disclosure
2020-01-08 05:20:29
prion
prion
Design/Logic Flaw
2020-03-18 13:15:00
nvd
nvd
CVE-2019-14883
2020-03-18 13:15:12

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

32.6%

JSON
Related for GHSA-774Q-WFCP-VC2Q
osv2cve1ubuntucve1cvelist1openvas1symantec1veracode1prion1nvd1