4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
31.7%
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the “login as other users” capability (such as administrators/managers) can access other users’ Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | lt | 3.1.17 | |
moodle/moodle | lt | 3.4.8 | |
moodle/moodle | lt | 3.5.5 | |
moodle/moodle | lt | 3.6.3 |
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847
github.com/advisories/GHSA-qrcj-6fjw-3h9h
github.com/moodle/moodle/commit/070f24d006eab6b958eb083530de159b43c538ed
github.com/moodle/moodle/commit/93dda3bfd3caaaa8d23fe8ede543f27ef774958d
github.com/moodle/moodle/commit/a37e26d2efe1ca0e4d8d69c611a748af35b33674
github.com/moodle/moodle/commit/e836242e1c04cd62d0afa4a790074fd245628e7a
github.com/moodle/moodle/commit/ec3b63c772d6448765c68268234cf36c1a91bcac
moodle.org/mod/forum/discuss.php?d=384010#p1547742
nvd.nist.gov/vuln/detail/CVE-2019-3847
web.archive.org/web/20200227082922/www.securityfocus.com/bid/107489
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
31.7%