Veracode Vulnerability DatabaseVERACODE:44258Information Disclosure
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
moodle/moodle is vulnerable to Information Disclosure. The vulnerability exists because the user group restrictions are not properly implemented which allows an attacker to view summary reports of different user groups.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310
bugzilla.redhat.com/show_bug.cgi?id=2243453
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310
github.com/advisories/GHSA-jr83-8x65-xcr5
github.com/moodle/moodle/commit/280eee89d4aee309dc9e15859fc52fdba15e019a
github.com/moodle/moodle/commit/8c379e204077aac85c79f7d52005d24e5bd60a95
github.com/moodle/moodle/commit/a55e18fb8123d93d9c5008ed46103d05c4bed513
github.com/moodle/moodle/commit/c64f39d187d5b333c18b0ef4ce2b3dbdcd522647
github.com/moodle/moodle/commit/e2e653ea38433ed1128f6b59bd9a1c8988af05c4
moodle.org/mod/forum/discuss.php?d=451592
Related
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%