Lucene search

K

GoogleOSV:GHSA-H8VC-V44P-5R2Q

HistoryMay 13, 2022 - 1:12 a.m.

Moodle provides calendar-event data without considering whether an activity is hidden

2022-05-1301:12:38

Google

osv.dev

9

moodle

calendar-event

data exposure

authentication

web-service

AI Score

5.8

Confidence

Low

EPSS

0.002

Percentile

51.6%

calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808

www.openwall.com/lists/oss-security/2016/03/21/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd

github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94

github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf

github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3

github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158

moodle.org/mod/forum/discuss.php?d=330178

nvd.nist.gov/vuln/detail/CVE-2016-2156

web.archive.org/web/20160424224349/www.securitytracker.com/id/1035333

AI Score

5.8

Confidence

Low

EPSS

0.002

Percentile

51.6%

Related for OSV:GHSA-H8VC-V44P-5R2Q

prion1 nvd1 cvelist1 github1 cve1 veracode1 ubuntucve1 fedora3 nessus5 openvas3 mageia1 freebsd1