Описание
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories.
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.1.0 (включая) до 3.1.13 (исключая)Версия от 3.3.0 (включая) до 3.3.7 (исключая)Версия от 3.4.0 (включая) до 3.4.4 (исключая)Версия от 3.5.0 (включая) до 3.5.1 (исключая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00289
Низкий
4.3 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
CWE-200
Связанные уязвимости
CVSS3: 4.3
ubuntu
почти 7 лет назад
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories.
CVSS3: 4.3
debian
почти 7 лет назад
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13 ...
CVSS3: 5.3
github
около 3 лет назад
Moodle Exposure of Sensitive Information to an Unauthorized Actor
EPSS
Процентиль: 52%
0.00289
Низкий
4.3 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
CWE-200