Lucene search

K

Ubuntu.comUB:CVE-2014-0216

HistoryMay 27, 2014 - 12:00 a.m.

CVE-2014-0216

2014-05-2700:00:00

ubuntu.com

ubuntu.com

10

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.003

Percentile

69.1%

The My Home implementation in the block_html_pluginfile function in
blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x
before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file
access, which allows remote attackers to obtain sensitive information by
visiting an HTML block.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877

openwall.com/lists/oss-security/2014/05/19/1

launchpad.net/bugs/cve/CVE-2014-0216

moodle.org/mod/forum/discuss.php?d=260364

nvd.nist.gov/vuln/detail/CVE-2014-0216

security-tracker.debian.org/tracker/CVE-2014-0216

www.cve.org/CVERecord?id=CVE-2014-0216

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.003

Percentile

69.1%

Related for UB:CVE-2014-0216

cvelist1 github1 veracode1 prion1 nvd1 osv1 cve1 mageia1 openvas8 nessus3 fedora7