Lucene search

Ubuntu.comUB:CVE-2021-20186

HistoryJan 28, 2021 - 12:00 a.m.

CVE-2021-20186

2021-01-2800:00:00

ubuntu.com

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

21.8%

JSON

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that
if the TeX notation filter was enabled, additional sanitizing of TeX
content was required to prevent the risk of stored XSS.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchmoodle< anyUNKNOWN
ubuntu16.04noarchmoodle< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	moodle	< any	UNKNOWN
ubuntu	16.04	noarch	moodle	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2021-20186

moodle.org/mod/forum/discuss.php?d=417170

nvd.nist.gov/vuln/detail/CVE-2021-20186

security-tracker.debian.org/tracker/CVE-2021-20186

www.cve.org/CVERecord?id=CVE-2021-20186

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

21.8%

JSON

Related for UB:CVE-2021-20186