Lucene search

[email protected]NVD:CVE-2022-28986

HistoryMay 10, 2022 - 7:15 p.m.

CVE-2022-28986

2022-05-1019:15:09

CWE-639

[email protected]

web.nvd.nist.gov

lms doctor simple

2 factor authentication

idor vulnerability

moodle

remote attackers

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

48.1%

JSON

LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts.

Affected configurations

Nvd

Node

lmsdoctor2_factor_authenticationMatch2021072900moodle

VendorProductVersionCPE
lmsdoctor2_factor_authentication2021072900cpe:2.3:a:lmsdoctor:2_factor_authentication:2021072900:*:*:*:*:moodle:*:*

Vendor	Product	Version	CPE
lmsdoctor	2_factor_authentication	2021072900	cpe:2.3:a:lmsdoctor:2_factor_authentication:2021072900:::::moodle::

References

lms.com

simple.com

github.com/FlaviuPopescu/CVE-2022-28986

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

48.1%

JSON

Related for NVD:CVE-2022-28986

cve1 prion1 cvelist1