Lucene search

[email protected]NVD:CVE-2010-1617

HistoryApr 29, 2010 - 9:30 p.m.

CVE-2010-1617

2010-04-2921:30:00

CWE-264

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.4%

JSON

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

Affected configurations

NVD

Node

moodlemoodleMatch1.8.1

moodlemoodleMatch1.8.2

moodlemoodleMatch1.8.3

moodlemoodleMatch1.8.4

moodlemoodleMatch1.8.5

moodlemoodleMatch1.8.6

moodlemoodleMatch1.8.7

moodlemoodleMatch1.8.8

moodlemoodleMatch1.8.9

moodlemoodleMatch1.8.10

moodlemoodleMatch1.8.11

moodlemoodleMatch1.9.1

moodlemoodleMatch1.9.2

moodlemoodleMatch1.9.3

moodlemoodleMatch1.9.4

moodlemoodleMatch1.9.5

moodlemoodleMatch1.9.6

moodlemoodleMatch1.9.7

References

cvs.moodle.org/moodle/user/view.php?r1=1.168.2.28&r2=1.168.2.29

lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

moodle.org/security/

www.vupen.com/english/advisories/2010/1107

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.4%

JSON

Related for NVD:CVE-2010-1617

prion1 ubuntucve1 cvelist1 cve1 openvas4 nessus3 osv1 debian2