Lucene search

K

GoogleOSV:GHSA-WMMC-QJQ2-VVM2

HistoryMay 13, 2022 - 1:12 a.m.

Moodle is vulnerable to Sensitive Information Disclosure

2022-05-1301:12:58

Google

osv.dev

7

moodle

sensitive information disclosure

gradebook

EPSS

0.002

Percentile

59.4%

The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475

lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html

openwall.com/lists/oss-security/2013/05/21/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/4b280ca67972479b4b86dd8861bcbeb8c06e41f9

github.com/moodle/moodle/commit/5df9bc3998095299c6862973866252649a5e0866

github.com/moodle/moodle/commit/bf5f227817ec65cfdf76d4bdc961af81a701bc31

moodle.org/mod/forum/discuss.php?d=228931

nvd.nist.gov/vuln/detail/CVE-2013-2080

EPSS

0.002

Percentile

59.4%

Related for OSV:GHSA-WMMC-QJQ2-VVM2

ubuntucve1 cvelist1 nvd1 veracode1 cve1 prion1 github1 fedora3 openvas5 nessus3 mageia1