Metric | Value |
---|---|
CVSS2 score | 5 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
EPSS score | 0.003 Low |
EPSS percentile | 71.7% |

user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before
2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles
setting, which allows remote attackers to obtain sensitive course-profile
information by leveraging the guest role, as demonstrated by a Google
search.
Author | Note |
---|---|
seth-arnold | MSA-13-0012 |