Lucene search

RedhatCVE-2014-0216

HistoryMay 27, 2014 - 12:55 a.m.

CVE-2014-0216

2014-05-2700:55:02

CWE-264

redhat

web.nvd.nist.gov

cve-2014-0216

information security

moodle

file access

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0.003

Percentile

69.1%

JSON

The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block.

Affected configurations

Nvd

Node

moodlemoodleRange≤2.3.11

moodlemoodleMatch2.0.0

moodlemoodleMatch2.0.1

moodlemoodleMatch2.0.2

moodlemoodleMatch2.0.3

moodlemoodleMatch2.0.4

moodlemoodleMatch2.0.5

moodlemoodleMatch2.0.6

moodlemoodleMatch2.0.7

moodlemoodleMatch2.0.8

moodlemoodleMatch2.0.9

moodlemoodleMatch2.1.0

moodlemoodleMatch2.1.1

moodlemoodleMatch2.1.2

moodlemoodleMatch2.1.3

moodlemoodleMatch2.1.4

moodlemoodleMatch2.1.5

moodlemoodleMatch2.1.6

moodlemoodleMatch2.1.7

moodlemoodleMatch2.1.8

moodlemoodleMatch2.1.9

moodlemoodleMatch2.1.10

moodlemoodleMatch2.2.0

moodlemoodleMatch2.2.1

moodlemoodleMatch2.2.2

moodlemoodleMatch2.2.3

moodlemoodleMatch2.2.4

moodlemoodleMatch2.2.5

moodlemoodleMatch2.2.6

moodlemoodleMatch2.2.7

moodlemoodleMatch2.2.8

moodlemoodleMatch2.2.9

moodlemoodleMatch2.2.10

moodlemoodleMatch2.2.11

moodlemoodleMatch2.3.0

moodlemoodleMatch2.3.1

moodlemoodleMatch2.3.2

moodlemoodleMatch2.3.3

moodlemoodleMatch2.3.4

moodlemoodleMatch2.3.5

moodlemoodleMatch2.3.6

moodlemoodleMatch2.3.7

moodlemoodleMatch2.3.8

moodlemoodleMatch2.3.9

moodlemoodleMatch2.3.10

moodlemoodleMatch2.4.0

moodlemoodleMatch2.4.1

moodlemoodleMatch2.4.2

moodlemoodleMatch2.4.3

moodlemoodleMatch2.4.4

moodlemoodleMatch2.4.5

moodlemoodleMatch2.4.6

moodlemoodleMatch2.4.7

moodlemoodleMatch2.4.8

moodlemoodleMatch2.4.9

moodlemoodleMatch2.5.0

moodlemoodleMatch2.5.1

moodlemoodleMatch2.5.2

moodlemoodleMatch2.5.3

moodlemoodleMatch2.5.4

moodlemoodleMatch2.5.5

moodlemoodleMatch2.6.0

moodlemoodleMatch2.6.1

moodlemoodleMatch2.6.2

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
moodlemoodle2.0.0cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
moodlemoodle2.0.1cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
moodlemoodle2.0.2cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*
moodlemoodle2.0.3cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*
moodlemoodle2.0.4cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*
moodlemoodle2.0.5cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:*
moodlemoodle2.0.6cpe:2.3:a:moodle:moodle:2.0.6:*:*:*:*:*:*:*
moodlemoodle2.0.7cpe:2.3:a:moodle:moodle:2.0.7:*:*:*:*:*:*:*
moodlemoodle2.0.8cpe:2.3:a:moodle:moodle:2.0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::
moodle	moodle	2.0.0	cpe:2.3:a:moodle:moodle:2.0.0:::::::*
moodle	moodle	2.0.1	cpe:2.3:a:moodle:moodle:2.0.1:::::::*
moodle	moodle	2.0.2	cpe:2.3:a:moodle:moodle:2.0.2:::::::*
moodle	moodle	2.0.3	cpe:2.3:a:moodle:moodle:2.0.3:::::::*
moodle	moodle	2.0.4	cpe:2.3:a:moodle:moodle:2.0.4:::::::*
moodle	moodle	2.0.5	cpe:2.3:a:moodle:moodle:2.0.5:::::::*
moodle	moodle	2.0.6	cpe:2.3:a:moodle:moodle:2.0.6:::::::*
moodle	moodle	2.0.7	cpe:2.3:a:moodle:moodle:2.0.7:::::::*
moodle	moodle	2.0.8	cpe:2.3:a:moodle:moodle:2.0.8:::::::*