GHSA-j5rc-cr5w-vfg6

Published: May 13, 2022
Source: github
GitHub: Reviewed
CVSS4: 6.6

Description

Moodle Session Fixation vulnerability

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

Packages

Name: moodle/moodle (composer)
Affected versions: >= 1.8.0, < 1.9.8
Fixed version: 1.9.8

EPSS

Percentile: 63%
0.00447
Low

CVSS4: 6.6 Medium

Weaknesses

CWE-287
CWE-384

Related vulnerabilities

ubuntu
more than 15 years ago

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

redhat
more than 15 years ago

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

nvd
more than 15 years ago

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

debian
more than 15 years ago

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate se ...
