GitHub Advisory DatabaseGHSA-9P54-PC88-36C4Moodle does not properly restrict access to category and course data
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
69.1%
The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.
Affected configurations
References
git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e8a19a3d487e00
git.moodle.org/gw?p=moodle.git;a=commit;h=f6b07c4da54a9db24723beb147e8a19a3d487e00
moodle.org/mod/forum/discuss.php?d=188311
bugzilla.redhat.com/show_bug.cgi?id=747444
github.com/advisories/GHSA-9p54-pc88-36c4
github.com/moodle/moodle/commit/6f7c43c7de8f62cd53a7f3b54ad5325cd109c1be
github.com/moodle/moodle/commit/81c77993e3808bba68fe24d6bfbac19a41679a6f
github.com/moodle/moodle/commit/f6b07c4da54a9db24723beb147e8a19a3d487e00
nvd.nist.gov/vuln/detail/CVE-2011-4300
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
69.1%