GHSA-vxmv-74rf-vqgp

Опубликовано: 14 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Moodle Portfolio forum caller class allows a user to download any file

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

Ссылки

Пакеты

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.1, < 3.1.12

3.1.12

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.2, < 3.2.9

3.2.9

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.3, < 3.3.6

3.3.6

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.4, < 3.4.3

3.4.3

EPSS

Процентиль: 57%

0.00349

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2018-1135

Дефекты

CWE-200

Связанные уязвимости

CVE-2018-1135

CVSS3: 6.5

ubuntu

около 7 лет назад

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

CVE-2018-1135

CVSS3: 6.5

nvd

около 7 лет назад

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

CVE-2018-1135

CVSS3: 6.5

debian

около 7 лет назад

An issue was discovered in Moodle 3.x. Students who posted on forums a ...

EPSS

Процентиль: 57%

0.00349

Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2018-1135

Дефекты

CWE-200