Lucene search

Ubuntu.comUB:CVE-2024-25981

HistoryFeb 19, 2024 - 12:00 a.m.

CVE-2024-25981

2024-02-1900:00:00

ubuntu.com

cve-2024-25981

restrictions

forum

export

data

teachers

unix

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

Separate Groups mode restrictions were not honored when performing a forum
export, which would export forum data for all groups. By default this only
provided additional access to non-editing teachers.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchmoodle< anyUNKNOWN
ubuntu16.04noarchmoodle< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	moodle	< any	UNKNOWN
ubuntu	16.04	noarch	moodle	< any	UNKNOWN

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504

bugzilla.redhat.com/show_bug.cgi?id=2264097

launchpad.net/bugs/cve/CVE-2024-25981

moodle.org/mod/forum/discuss.php?d=455637

nvd.nist.gov/vuln/detail/CVE-2024-25981

security-tracker.debian.org/tracker/CVE-2024-25981

www.cve.org/CVERecord?id=CVE-2024-25981

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for UB:CVE-2024-25981