moodle/moodle is vulnerable to information disclosure. The vulnerability exists in the temp_dir
parameter inlatex.php
due to a lack of validation in external database authentication which allows an attacker to gain access to the files and read sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | v3.11.2 | |
moodle/moodle | le | v3.9.9 | |
moodle/moodle | le | v3.10.6 | |
moodle/moodle | le | v3.11.2 | |
moodle/moodle | le | v3.9.9 | |
moodle/moodle | le | v3.10.6 |
bugzilla.redhat.com/show_bug.cgi?id=2043421
github.com/advisories/GHSA-m37g-mwcg-7j7v
github.com/moodle/moodle/commit/272780993dfd634021e2c526d5a3e398c581c766
github.com/moodle/moodle/commit/cd7fa2e5133a7a2bdb1f8532b29e2548dcb4d407
github.com/moodle/moodle/commit/e514e6951c38f8a1ae9b36d8cc3e9d86c3be5205
github.com/moodle/moodle/commit/ed3ee9dd5ca4d2179b26e5bbb04b12d4621be836
moodle.org/mod/forum/discuss.php?d=427106