Lucene search

RedhatCVE-2021-20281

HistoryMar 15, 2021 - 10:15 p.m.

CVE-2021-20281

2021-03-1522:15:13

CWE-200

CWE-863

redhat

web.nvd.nist.gov

cve-2021-20281

information security

unauthorized access

moodle

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.002

Percentile

52.3%

JSON

It was possible for some users without permission to view other users’ full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Affected configurations

Nvd

Vulners

Node

moodlemoodleRange3.5.0–3.5.17

moodlemoodleRange3.8.0–3.8.8

moodlemoodleRange3.9.0–3.9.5

moodlemoodleRange3.10.0–3.10.2

Node

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch34

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::
fedoraproject	fedora	32	cpe:2.3:o:fedoraproject:fedora:32:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*

CNA Affected

[
  {
    "product": "moodle",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 3.10.2, 3.9.5, 3.8.8, 3.5.17"
      }
    ]
  }
]