Lucene search

Ubuntu.comUB:CVE-2022-30596

HistoryMay 18, 2022 - 12:00 a.m.

CVE-2022-30596

2022-05-1800:00:00

ubuntu.com

moodle

id numbers

bulk allocation

markers

assignments

xss risk

unix

sanitizing

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.4%

JSON

A flaw was found in moodle where ID numbers displayed when bulk allocating
markers to assignments required additional sanitizing to prevent a stored
XSS risk.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchmoodle< anyUNKNOWN
ubuntu16.04noarchmoodle< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	moodle	< any	UNKNOWN
ubuntu	16.04	noarch	moodle	< any	UNKNOWN

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204

bugzilla.redhat.com/show_bug.cgi?id=2083583

launchpad.net/bugs/cve/CVE-2022-30596

moodle.org/mod/forum/discuss.php?d=434578

nvd.nist.gov/vuln/detail/CVE-2022-30596

security-tracker.debian.org/tracker/CVE-2022-30596

www.cve.org/CVERecord?id=CVE-2022-30596

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.4%

JSON

Related for UB:CVE-2022-30596