Lucene search

K

GoogleOSV:GHSA-9X63-M3CC-QF3G

HistoryMay 13, 2022 - 1:47 a.m.

Moodle Unauthorized searching of arbitrary blogs by typing full url

2022-05-1301:47:00

Google

osv.dev

7

moodle

unauthorized access

capability check

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

43.5%

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

References

github.com/moodle/moodle

moodle.org/mod/forum/discuss.php?d=352354

nvd.nist.gov/vuln/detail/CVE-2017-7490

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

43.5%

Related for OSV:GHSA-9X63-M3CC-QF3G

ubuntucve1 veracode1 osv1 prion1 github1 cvelist1 nvd1 cve1 openvas4 fedora2