Описание
Moodle's error handling leads to sensitive information disclosure
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-62396
- https://github.com/moodle/moodle/commit/5d4910509eeaac8403d18ec8f259e29d2f11527e
- https://github.com/moodle/moodle/commit/5e7d5abc483d0511ebfc2042075eabcc392ff4ce
- https://access.redhat.com/security/cve/CVE-2025-62396
- https://bugzilla.redhat.com/show_bug.cgi?id=2404429
- https://moodle.org/mod/forum/discuss.php?d=470385
Пакеты
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 5.0.0-beta, < 5.0.3
5.0.3
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 4.5.0-beta, < 4.5.7
4.5.7
Связанные уязвимости
CVSS3: 5.3
ubuntu
около 2 месяцев назад
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
CVSS3: 5.3
nvd
около 2 месяцев назад
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
CVSS3: 5.3
debian
около 2 месяцев назад
An error-handling issue in the Moodle router (r.php) could cause the a ...