GitHub Advisory Database: GHSA-MPJX-8PHJ-5M34
May 13, 2022 - 1:13 a.m.

Moodle Allows Unauthenticated Dropbox Access

2022-05-13 01:13:01
CWE-287
GitHub Advisory Database
github.com
moodle, security issue, dropbox access, unauthenticated, remote users, workstation, logout

CVSS2: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score: 6.8
Confidence: Low

EPSS: 0.003
Percentile: 67.9%

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout.

Affected configurations

Vulners
Node
moodle moodle, Range 2.1 - 2.1.8
OR
moodle moodle, Range 2.2 - 2.2.5
OR
moodle moodle, Range 2.3 - 2.3.2

Vendor: moodle, Product: moodle, Version: *, CPE: cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
