GitHub Advisory DatabaseGHSA-C2R4-F8QV-2V7VMoodle allows attackers to read SCORM contents
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
34.9%
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50837
github.com/advisories/GHSA-c2r4-f8qv-2v7v
github.com/moodle/moodle/commit/03b1f63d40d09c206f641b246110c2371d3068a2
github.com/moodle/moodle/commit/3d58fd5841308018b32ca78206c74f27c4d4b9c3
github.com/moodle/moodle/commit/5f65bb2e436620f9026b363484294299c2327740
github.com/moodle/moodle/commit/d01512e36c449f52ddc5e41db567d8f375fc153d
github.com/moodle/moodle/commit/d28eedd5363b4f081f9e66d0c9014d84792a89d7
github.com/moodle/moodle/commit/f1178ebcd9cf1c149892335c52f6ccad066e3e05
github.com/moodle/moodle/commit/fe9bd2b8bb73e958067f2bdb227a8d0e7cffbcda
moodle.org/mod/forum/discuss.php?d=323236
nvd.nist.gov/vuln/detail/CVE-2015-5341
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
34.9%