Описание
Moodle arbitrary file read vulnerability
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-28330
- https://github.com/moodle/moodle/commit/493205b6b280633bcbc49d2eaf4f61a52252c26c
- https://bugzilla.redhat.com/show_bug.cgi?id=2179412
- https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77204
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://moodle.org/mod/forum/discuss.php?d=445062
Пакеты
moodle/moodle
>= 4.1.0, < 4.1.2
4.1.2
moodle/moodle
>= 4.0.0, < 4.0.7
4.0.7
moodle/moodle
>= 3.11.0, < 3.11.13
3.11.13
moodle/moodle
< 3.9.20
3.9.20
Связанные уязвимости
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
Insufficient sanitizing in backup resulted in an arbitrary file read r ...