Lucene search

GoogleOSV:CVE-2023-34958

HistoryJun 08, 2023 - 7:15 p.m.

CVE-2023-34958

2023-06-0819:15:09

Google

osv.dev

chamilo

access control

unauthorized access

document download

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.7%

JSON

Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document’s ID.

CPENameOperatorVersion
chamilo-lmseq1.10.x.pre-doctrine
chamilo-lmseq1.11.6-alpha.1
chamilo-lmseq1.9.8
chamilo-lmseqCHAMILO_1_9_6_STABLE
chamilo-lmseqCHAMILO_1_9_2_STABLE_QUARTER
chamilo-lmseq1.11.8
chamilo-lmseqCHAMILO_1_8_6_2_STABLE
chamilo-lmseqCHAMILO_1_8_7_RC_1
chamilo-lmseq1.11.12
chamilo-lmseqCHAMILO_1_9_0_ALPHA_2

Name	Operator	Version
chamilo-lms	eq	1.10.x.pre-doctrine
chamilo-lms	eq	1.11.6-alpha.1
chamilo-lms	eq	1.9.8
chamilo-lms	eq	CHAMILO_1_9_6_STABLE
chamilo-lms	eq	CHAMILO_1_9_2_STABLE_QUARTER
chamilo-lms	eq	1.11.8
chamilo-lms	eq	CHAMILO_1_8_6_2_STABLE
chamilo-lms	eq	CHAMILO_1_8_7_RC_1
chamilo-lms	eq	1.11.12
chamilo-lms	eq	CHAMILO_1_9_0_ALPHA_2

Rows per page:

1-10 of 671

References

github.com/chamilo/chamilo-lms/commit/0c1c29db18856a6f25e21d0405dda2c20b35ff3a

support.chamilo.org/projects/1/wiki/Security_issues#Issue-109-2023-04-15-Moderate-impact-Moderate-risk-IDOR-in-workstudent-publication

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.7%

JSON

Related for OSV:CVE-2023-34958