exploitDog

CVE-2019-3847

Published: 27 Mar 2019
Source: nvd
CVSS3: 5.4
CVSS3: 4.8
CVSS2: 3.5
EPSS: Low

Description

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Version before 3.1.17 (excluding)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Version from 3.4.0 (including) to 3.4.8 (excluding)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Version from 3.5.0 (including) to 3.5.5 (excluding)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Version from 3.6.0 (including) to 3.6.3 (excluding)

EPSS

Percentile: 77%
0.0113
Low

5.4 Medium

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 4.8
ubuntu
more than 6 years ago

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.

CVSS3: 4.8
debian
more than 6 years ago

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4. ...

CVSS3: 4.8
github
about 3 years ago

Moodle XSS Vulnerability
