Lucene search

GitHub Advisory DatabaseGHSA-6VJF-48FH-VXXJ

HistoryFeb 19, 2024 - 6:31 p.m.

Improper Handling of Parameters in moodle

2024-02-1918:31:32

CWE-233

GitHub Advisory Database

github.com

moodle

security

parameters

forum

url

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

15.5%

JSON

The URL parameters accepted by forum search were not limited to the allowed parameters.

Affected configurations

Vulners

Node

moodlemoodleRange<4.1.9

moodlemoodleRange4.2.0–4.2.6

moodlemoodleRange4.3.0–4.3.3

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69774

bugzilla.redhat.com/show_bug.cgi?id=2264095

github.com/advisories/GHSA-6vjf-48fh-vxxj

github.com/moodle/moodle/commit/6eaeeda6cf759672def05a85afe9e4d521739166

lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB

moodle.org/mod/forum/discuss.php?d=455635

nvd.nist.gov/vuln/detail/CVE-2024-25979

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for GHSA-6VJF-48FH-VXXJ