Lucene search

K
osvGoogleOSV:BIT-MOODLE-2023-5545
HistoryMar 06, 2024 - 10:57 a.m.

BIT-moodle-2023-5545

2024-03-0610:57:40
Google
osv.dev
6
h5p
metadata
sensitive information
software

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%

H5P metadata automatically populated the author with the user’s username, which could be sensitive information.

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%