Lucene search

GoogleOSV:GHSA-X3X8-FJW6-HCCX

HistoryMay 13, 2022 - 1:12 a.m.

Moodle does not consider "don't send" attributes during hub registration

2022-05-1301:12:59

Google

osv.dev

moodle

hub registration

sensitive information

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

65.9%

JSON

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider “don’t send” attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822

lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html

openwall.com/lists/oss-security/2013/05/21/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/1d79b726d762bcc629c1a2a74cfa3eca5a7c5da7

github.com/moodle/moodle/commit/1fc34e37fdc57b4ec303cb942dc5d5535b953ed7

github.com/moodle/moodle/commit/4d65904bc132548a2ef4c2a40bf5ba2cffb5f68f

github.com/moodle/moodle/commit/54a3ce69e9ca751fffd0b3e0eb5be4add50de113

github.com/moodle/moodle/commit/60c468bcb3b6f867a70f2f30427b52e0362e93d1

github.com/moodle/moodle/commit/667eaec4d2679a8bc1fcd9f0ff17a1be2babccb0

github.com/moodle/moodle/commit/669dee58048b18d9034a7b2367b97a50b498b0e0

github.com/moodle/moodle/commit/a811e8ac56e49a174b68ceade81197c80be4b325

github.com/moodle/moodle/commit/be6281e2cbc2fb40b96a48c07c80883fa80cd1b7

github.com/moodle/moodle/commit/fd469033fa2c860647e48f3d543346503a37faa0

moodle.org/mod/forum/discuss.php?d=228933

nvd.nist.gov/vuln/detail/CVE-2013-2081