Lucene search

K

Ubuntu.comUB:CVE-2014-0126

HistoryMar 24, 2014 - 12:00 a.m.

CVE-2014-0126

2014-03-2400:00:00

ubuntu.com

ubuntu.com

5

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.1%

Cross-site request forgery (CSRF) vulnerability in
enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before
2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers
to hijack the authentication of administrators for requests that import an
IMS Enterprise file.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146

openwall.com/lists/oss-security/2014/03/17/1

launchpad.net/bugs/cve/CVE-2014-0126

moodle.org/mod/forum/discuss.php?d=256423

nvd.nist.gov/vuln/detail/CVE-2014-0126

security-tracker.debian.org/tracker/CVE-2014-0126

www.cve.org/CVERecord?id=CVE-2014-0126

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.1%

Related for UB:CVE-2014-0126

osv1 veracode1 cvelist1 prion1 github1 cve1 nessus5 fedora9 openvas12 mageia1