Lucene search

K

[email protected]NVD:CVE-2022-35649

HistoryJul 25, 2022 - 4:15 p.m.

CVE-2022-35649

2022-07-2516:15:08

CWE-94

CWE-20

[email protected]

web.nvd.nist.gov

3

moodle

input validation

remote code execution

ghostscript

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.03 Low

EPSS

Percentile

91.0%

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Affected configurations

NVD

Node

moodlemoodleRange3.9.0–3.9.15

OR

moodlemoodleRange3.11.0–3.11.8

OR

moodlemoodleRange4.0.0–4.0.2

Node

fedoraprojectfedoraMatch35

OR

fedoraprojectfedoraMatch36

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044

bugzilla.redhat.com/show_bug.cgi?id=2106273

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/

moodle.org/mod/forum/discuss.php?d=436456

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.03 Low

EPSS

Percentile

91.0%

Related for NVD:CVE-2022-35649

osv3 cnvd1 ubuntucve1 githubexploit1 cve1 veracode1 github1 prion1 cvelist1 openvas3 nessus3 fedora2 redos1