Lucene search

GitHub Advisory DatabaseGHSA-J9CW-5CPJ-9QJ5

HistoryMar 07, 2023 - 12:30 a.m.

Moodle has a Hidden Functionality vulnerability

2023-03-0700:30:25

CWE-912

GitHub Advisory Database

github.com

moodle

hidden functionality

vulnerability

email notifications

phishing risk

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

27.2%

JSON

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.

Affected configurations

Vulners

Node

moodlemoodleRange<3.9.8

moodlemoodleRange<3.10.5

moodlemoodleRange<3.11.1

CPENameOperatorVersion
moodle/moodlelt3.9.8
moodle/moodlelt3.10.5
moodle/moodlelt3.11.1

Name	Operator	Version
moodle/moodle	lt	3.9.8
moodle/moodle	lt	3.10.5
moodle/moodle	lt	3.11.1

References

github.com/advisories/GHSA-j9cw-5cpj-9qj5

moodle.org/mod/forum/discuss.php?d=424809

nvd.nist.gov/vuln/detail/CVE-2021-36403

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

27.2%

JSON

Related for GHSA-J9CW-5CPJ-9QJ5