Lucene search

K

Ubuntu.comUB:CVE-2014-0216

HistoryMay 27, 2014 - 12:00 a.m.

CVE-2014-0216

2014-05-2700:00:00

ubuntu.com

ubuntu.com

7

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.1%

The My Home implementation in the block_html_pluginfile function in
blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x
before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file
access, which allows remote attackers to obtain sensitive information by
visiting an HTML block.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877

openwall.com/lists/oss-security/2014/05/19/1

launchpad.net/bugs/cve/CVE-2014-0216

moodle.org/mod/forum/discuss.php?d=260364

nvd.nist.gov/vuln/detail/CVE-2014-0216

security-tracker.debian.org/tracker/CVE-2014-0216

www.cve.org/CVERecord?id=CVE-2014-0216

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.1%

Related for UB:CVE-2014-0216

veracode1 prion1 nvd1 cvelist1 github1 cve1 osv1 openvas8 mageia1 nessus3 fedora7