CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
64.9%
The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10,
2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x
before 2.5.1 does not properly support the sendname, sendemailaddr, and
acceptgrades settings, which allows remote attackers to obtain sensitive
information in opportunistic circumstances by leveraging an environment in
which there was an ineffective attempt to enable the more secure values.