Lucene search

Ubuntu.comUB:CVE-2024-25983

HistoryFeb 19, 2024 - 12:00 a.m.

CVE-2024-25983

2024-02-1900:00:00

ubuntu.com

web service

unauthorized comments

user dashboard

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

Insufficient checks in a web service made it possible to add comments to
the comments block on another user’s dashboard when it was not otherwise
available (e.g., on their profile page).

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchmoodle< anyUNKNOWN
ubuntu16.04noarchmoodle< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	moodle	< any	UNKNOWN
ubuntu	16.04	noarch	moodle	< any	UNKNOWN

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300

bugzilla.redhat.com/show_bug.cgi?id=2264099

launchpad.net/bugs/cve/CVE-2024-25983

moodle.org/mod/forum/discuss.php?d=455641

nvd.nist.gov/vuln/detail/CVE-2024-25983

security-tracker.debian.org/tracker/CVE-2024-25983

www.cve.org/CVERecord?id=CVE-2024-25983

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for UB:CVE-2024-25983