GitHub Advisory DatabaseGHSA-Q2X3-2F9G-H559Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
70.7%
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 3.9.20 | |
| moodle/moodle | lt | 3.11.13 | |
| moodle/moodle | lt | 4.0.7 | |
| moodle/moodle | lt | 4.1.2 |
References
bugzilla.redhat.com/show_bug.cgi?id=2179422
git.moodle.org/gw?p=moodle.git;a=commitdiff;h=128c0c21607a71f411611a0104b2a8c858dd6fca
github.com/advisories/GHSA-q2x3-2f9g-h559
github.com/moodle/moodle/commit/128c0c21607a71f411611a0104b2a8c858dd6fca
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
lists.fedoraproject.org/archives/list/[email protected]/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
moodle.org/mod/forum/discuss.php?d=445065
nvd.nist.gov/vuln/detail/CVE-2023-28333
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
70.7%