CVE-2014-3546

Опубликовано: 29 июл. 2014

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия до 2.3.11 (включая)

cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.10:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.10:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00283

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2014-3546

ubuntu

почти 11 лет назад

CVE-2014-3546

debian

почти 11 лет назад

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ...

GHSA-4c5g-w3gf-rf4f

github

около 3 лет назад

Moodle allows attackers to obtain username and course information

EPSS

Процентиль: 51%

0.00283

Низкий

5 Medium

CVSS2

Дефекты

CWE-264