GitHub Advisory Database: GHSA-WXVP-8Q8H-R6RR
History: May 13, 2022 - 1:13 a.m.

Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory

2022-05-13 01:13:14
CWE-379
GitHub Advisory Database
github.com
Tags: moodle, double-cache, content, css, javascript, remote attackers, access restrictions, file system, temporary directory

CVSS2: 6.4
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score: 7.2
Confidence: Low

EPSS: 0.006
Percentile: 78.0%

The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.

Affected configurations

Vulners
Node
Vendor: moodle, Product: moodle, Range: 2.1 - 2.1.1
OR
Vendor: moodle, Product: moodle, Range: 2.0 - 2.0.4

Vendor: moodle, Product: moodle, Version: *, CPE: cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
