CVE-2019-3808

Опубликовано: 25 мар. 2019

Источник: nvd

CVSS3: 4.3

CVSS3: 5.4

CVSS2: 4

EPSS Низкий

Описание

A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.

Ссылки

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808
Issue Tracking
Patch
Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=381228#p1536765
Patch
Vendor Advisory
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808
Issue Tracking
Patch
Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=381228#p1536765
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.1.0 (включая) до 3.1.15 (включая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.4.0 (включая) до 3.4.6 (включая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.5.0 (включая) до 3.5.3 (включая)

cpe:2.3:a:moodle:moodle:3.6.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00416

Низкий

4.3 Medium

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-3808

CVSS3: 5.4

ubuntu

больше 6 лет назад

CVE-2019-3808

CVSS3: 5.4

debian

больше 6 лет назад

A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to ...

GHSA-4r2p-wpv5-683w

CVSS3: 5.4

github

около 3 лет назад

Moodle XSS Vulnerability

EPSS

Процентиль: 61%

0.00416

Низкий

4.3 Medium

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79