Lucene search

GoogleOSV:GHSA-WP3G-PR4H-Q6VV

HistoryMay 13, 2022 - 1:12 a.m.

Moodle does not enforce capability requirements for reading blog comments

2022-05-1301:12:59

Google

osv.dev

moodle

capability

vulnerability

blog

comments

remote attackers

sensitive information

AI Score

6.2

Confidence

Low

EPSS

0.006

Percentile

78.5%

JSON

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245

lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html

openwall.com/lists/oss-security/2013/05/21/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/28772fb9e7e6be01b765fb721af16901bb47e417

github.com/moodle/moodle/commit/5fde58a59335bc3109a9eaac4a15d1e9217541c3

github.com/moodle/moodle/commit/8aa12adcf26ff2f0b61cd6f0288f2886c8c55bf7

github.com/moodle/moodle/commit/9a909b1a359f72b8d384e18da8e05474604279e1

github.com/moodle/moodle/commit/cb538f0e539e833edb7cf6fa3d705e8abc5003fd

github.com/moodle/moodle/commit/f9e27e8323f31186820d25252ec0d4c6cd65dafc

moodle.org/mod/forum/discuss.php?d=228934

nvd.nist.gov/vuln/detail/CVE-2013-2082