GitHub Advisory DatabaseGHSA-FJ6P-G234-RRV3Exposure of Sensitive Information in moodle
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
37.7%
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 3.9.14 | |
| moodle/moodle | lt | 3.10.11 | |
| moodle/moodle | lt | 3.11.7 | |
| moodle/moodle | lt | 4.0.1 |
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71623
bugzilla.redhat.com/show_bug.cgi?id=2083592
github.com/advisories/GHSA-fj6p-g234-rrv3
github.com/moodle/moodle/commit/4f2eac208d8af4a833f81364e39a5579f39642b1
lists.fedoraproject.org/archives/list/[email protected]/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6/
lists.fedoraproject.org/archives/list/[email protected]/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ/
lists.fedoraproject.org/archives/list/[email protected]/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5/
moodle.org/mod/forum/discuss.php?d=434580
nvd.nist.gov/vuln/detail/CVE-2022-30598
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
37.7%