Lucene search

GoogleOSV:GHSA-6VJF-48FH-VXXJ

HistoryFeb 19, 2024 - 6:31 p.m.

Improper Handling of Parameters in moodle

2024-02-1918:31:32

Google

osv.dev

moodle

url parameters

forum search

security incident

software

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

Percentile

15.5%

JSON

The URL parameters accepted by forum search were not limited to the allowed parameters.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69774

bugzilla.redhat.com/show_bug.cgi?id=2264095

github.com/moodle/moodle

github.com/moodle/moodle/commit/6eaeeda6cf759672def05a85afe9e4d521739166

lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB

moodle.org/mod/forum/discuss.php?d=455635

nvd.nist.gov/vuln/detail/CVE-2024-25979

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for OSV:GHSA-6VJF-48FH-VXXJ