Lucene search

[email protected]NVD:CVE-2021-20281

HistoryMar 15, 2021 - 10:15 p.m.

CVE-2021-20281

2021-03-1522:15:13

CWE-200

CWE-863

[email protected]

web.nvd.nist.gov

moodle

user names

permission issue

cve-2021-20281

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

52.3%

JSON

It was possible for some users without permission to view other users’ full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Affected configurations

Nvd

Node

moodlemoodleRange3.5.0–3.5.17

moodlemoodleRange3.8.0–3.8.8

moodlemoodleRange3.9.0–3.9.5

moodlemoodleRange3.10.0–3.10.2

Node

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch34

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::
fedoraproject	fedora	32	cpe:2.3:o:fedoraproject:fedora:32:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*