Lucene search
Veracode Vulnerability DatabaseVERACODE:37355HistorySep 30, 2022 - 8:24 a.m.
Information Disclosure
2022-09-3008:24:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
22.7%
moodle/moodle is vulnerable to information disclosure. The vulnerability exists through the attempts parameter inexternal.php due to improper access control which allows an authenticated attacker to gain access to confidential information in the file system via insufficient capability checks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | le | v3.11.2 | |
| moodle/moodle | le | v3.9.9 | |
| moodle/moodle | le | v3.10.6 | |
| moodle/moodle | le | v3.11.2 | |
| moodle/moodle | le | v3.9.9 | |
| moodle/moodle | le | v3.10.6 |
References
bugzilla.redhat.com/show_bug.cgi?id=2043424
github.com/advisories/GHSA-gp4w-f57r-9rx3
github.com/moodle/moodle/commit/0cd2cbccfba578c9fc67899a31e1da9b6303817e
github.com/moodle/moodle/commit/298951cd2efe520b886d3a81b185a6f89739fdcf
github.com/moodle/moodle/commit/4fae57fc971485bb3c01030be51666224579b119
github.com/moodle/moodle/commit/af4fb733eec154aafca035ad52968514adced599#
Related
osv
osv
CVE-2021-40695
2022-09-29 03:15:14
BIT-moodle-2021-40695
2024-03-06 11:06:59
Moodle Exposure of Sensitive Information to an Unauthorized Actor
2022-09-30 00:00:29
github
github
Moodle Exposure of Sensitive Information to an Unauthorized Actor
2022-09-30 00:00:29
prion
prion
Code injection
2022-09-29 03:15:00
cvelist
cvelist
CVE-2021-40695
2022-01-21 18:17:48
nvd
nvd
CVE-2021-40695
2022-09-29 03:15:14
cve
cve
CVE-2021-40695
2022-09-29 03:15:14
ubuntucve
ubuntucve
CVE-2021-40695
2022-09-29 00:00:00
nessus
nessus
Moodle 3.9.x < 3.9.10 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.11.x < 3.11.3 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.10.x < 3.10.7 Multiple Vulnerabilities
2023-02-20 00:00:00
openvas
openvas
Moodle Session Hijack Vulnerability (MSA-21-0032)
2023-08-16 00:00:00