Lucene search
Veracode Vulnerability DatabaseVERACODE:13553HistoryMar 27, 2019 - 6:58 a.m.
Information Disclosure
2019-03-2706:58:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
22.7%
moodle/moodle is vulnerable to information disclosure attacks. The vulnerability exists as permissions were not checked in the calendar’s edit event modal popup, allowing information disclosure attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | le | 3.5.4 | |
| moodle/moodle | le | 3.4.7 | |
| moodle/moodle | le | 3.6.2 | |
| moodle/moodle | le | 3.5.4 | |
| moodle/moodle | le | 3.4.7 | |
| moodle/moodle | le | 3.6.2 |
References
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848
github.com/moodle/moodle/commit/2cebb87682780eb9fccf16a6859c6b622da08bba
github.com/moodle/moodle/commit/5226cc8a507d18682b52298fbd02e9e462bf5ed9
github.com/moodle/moodle/commit/816e6abb1b0a69f9e105e36c778b768d47ad5168
moodle.org/mod/forum/discuss.php?d=384011#p1547743
Related
ubuntucve
ubuntucve
CVE-2019-3848
2019-03-26 00:00:00
osv
osv
Moodle Logged in users could view all calendar events
2022-05-13 01:05:22
CVE-2019-3848
2019-03-26 18:29:00
github
github
Moodle Logged in users could view all calendar events
2022-05-13 01:05:22
prion
prion
Design/Logic Flaw
2019-03-26 18:29:00
cvelist
cvelist
CVE-2019-3848
2019-03-26 00:00:00
cve
cve
CVE-2019-3848
2019-03-26 18:29:00
nvd
nvd
CVE-2019-3848
2019-03-26 18:29:00
openvas
openvas