Lucene search

GitHub Advisory DatabaseGHSA-8VJJ-WF73-W882

HistoryMay 13, 2022 - 1:13 a.m.

Moodle Incorrect Default Settings

2022-05-1301:13:17

CWE-276

GitHub Advisory Database

github.com

moodle

configuration

delete capability

courses

remote authenticated users

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

Confidence

Low

EPSS

0.003

Percentile

65.2%

JSON

The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

Affected configurations

Vulners

Node

moodlemoodleRange<2.0.2

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::

References

git.moodle.org/gw?p=moodle.git;a=commit;h=5cfe8aecb8b78e343ded38ba9e7a0a859887d21c

moodle.org/mod/forum/discuss.php?d=170011

openwall.com/lists/oss-security/2011/11/14/1

github.com/advisories/GHSA-8vjj-wf73-w882

github.com/moodle/moodle/commit/5dd7e903ff1698dcf2b6bbd821c31720d169fb83

nvd.nist.gov/vuln/detail/CVE-2011-4285

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

Confidence

Low

EPSS

0.003

Percentile

65.2%

JSON

Related for GHSA-8VJJ-WF73-W882