Lucene search

[email protected]NVD:CVE-2023-34958

HistoryJun 08, 2023 - 7:15 p.m.

CVE-2023-34958

2023-06-0819:15:09

[email protected]

web.nvd.nist.gov

access control

unauthorized access

document download

chamilo 1.11.18

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document’s ID.

Affected configurations

Nvd

Node

chamilochamilo_lmsRange1.11.0–1.11.18

VendorProductVersionCPE
chamilochamilo_lms*cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
chamilo	chamilo_lms	*	cpe:2.3:a:chamilo:chamilo_lms::::::::

References

github.com/chamilo/chamilo-lms/commit/0c1c29db18856a6f25e21d0405dda2c20b35ff3a

support.chamilo.org/projects/1/wiki/Security_issues#Issue-109-2023-04-15-Moderate-impact-Moderate-risk-IDOR-in-workstudent-publication

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2023-34958

osv1 prion1 cve1 cvelist1 openvas1