Lucene search

K

GoogleOSV:BIT-MOODLE-2022-35649

HistoryMar 06, 2024 - 11:03 a.m.

BIT-moodle-2022-35649

2024-03-0611:03:56

Google

osv.dev

10

moodle

input validation

postscript code

remote code execution

ghostscript

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0.03

Percentile

91.0%

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044

bugzilla.redhat.com/show_bug.cgi?id=2106273

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/

moodle.org/mod/forum/discuss.php?d=436456

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0.03

Percentile

91.0%

Related for OSV:BIT-MOODLE-2022-35649

nvd1 cnvd1 osv2 ubuntucve1 githubexploit1 cvelist1 veracode1 github1 cve1 prion1 openvas3 nessus3 fedora2 redos1