GitHub Advisory DatabaseGHSA-WMMC-QJQ2-VVM2Moodle is vulnerable to Sensitive Information Disclosure
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile
59.4%
The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475
lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
openwall.com/lists/oss-security/2013/05/21/1
github.com/advisories/GHSA-wmmc-qjq2-vvm2
github.com/moodle/moodle/commit/4b280ca67972479b4b86dd8861bcbeb8c06e41f9
github.com/moodle/moodle/commit/5df9bc3998095299c6862973866252649a5e0866
github.com/moodle/moodle/commit/bf5f227817ec65cfdf76d4bdc961af81a701bc31
moodle.org/mod/forum/discuss.php?d=228931
nvd.nist.gov/vuln/detail/CVE-2013-2080
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile
59.4%