moodle/moodle is vulnerable to information disclosure. The vulnerability exists through the attempts
parameter inexternal.php
due to improper access control which allows an authenticated attacker to gain access to confidential information in the file system via insufficient capability checks.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | v3.11.2 | |
moodle/moodle | le | v3.9.9 | |
moodle/moodle | le | v3.10.6 | |
moodle/moodle | le | v3.11.2 | |
moodle/moodle | le | v3.9.9 | |
moodle/moodle | le | v3.10.6 |
bugzilla.redhat.com/show_bug.cgi?id=2043424
github.com/advisories/GHSA-gp4w-f57r-9rx3
github.com/moodle/moodle/commit/0cd2cbccfba578c9fc67899a31e1da9b6303817e
github.com/moodle/moodle/commit/298951cd2efe520b886d3a81b185a6f89739fdcf
github.com/moodle/moodle/commit/4fae57fc971485bb3c01030be51666224579b119
github.com/moodle/moodle/commit/af4fb733eec154aafca035ad52968514adced599#