GitHub Advisory DatabaseGHSA-R9PC-G29W-F86JMoodle sensitive information disclosure
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
70.3%
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52651
www.openwall.com/lists/oss-security/2016/03/21/1
github.com/advisories/GHSA-r9pc-g29w-f86j
github.com/moodle/moodle/commit/1688564a6eee6000013f6e185f704049283ae375
github.com/moodle/moodle/commit/190757854d9ce3b3ce3100dc76de54277f3bdd14
github.com/moodle/moodle/commit/314d105c169c67e3ce750f76b21d99983d4a9ff5
github.com/moodle/moodle/commit/4d6f159f681882496e05ddacf2561929d2d23f0e
github.com/moodle/moodle/commit/9f91c23536a31ba2dc91b0ba2ae726b1757a20cb
moodle.org/mod/forum/discuss.php?d=330181
nvd.nist.gov/vuln/detail/CVE-2016-2190
web.archive.org/web/20210801130148/www.securitytracker.com/id/1035333
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
70.3%