Veracode Vulnerability DatabaseVERACODE:44237Cache Poisoning
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
20.6%
moodle/moodle is vulnerable to Cache Poisoning. The vulnerability exists because the library does not impose any restrictions on the minimum value for a revision. If the revision is either too old or too new, the file content is cached without undergoing any validation through the file serving endpoints.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846
bugzilla.redhat.com/show_bug.cgi?id=2243449
github.com/advisories/GHSA-cwh2-q44x-5w3c
github.com/moodle/moodle/commit/42518c7c4a9fd8cfa209971ca81e59cc3c4d72e2
github.com/moodle/moodle/commit/61f082c4aa2048a315148d4ae6219b078c6b7540
github.com/moodle/moodle/commit/64ac84fdb5665732b32172e8765dd68ebf040822
github.com/moodle/moodle/commit/64ac84fdb5665732b32172e8765dd68ebf040822
github.com/moodle/moodle/commit/6f2fa6011eb87c88543f5569b0576ec179201651
github.com/moodle/moodle/commit/7679452caff6faa33f00d3f0589c5190bc01a933
moodle.org/mod/forum/discuss.php?d=451589
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
20.6%