CVE-2019-3848

Опубликовано: 26 мар. 2019

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848
Issue Tracking
Patch
Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=384011#p1547743
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848
Issue Tracking
Patch
Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=384011#p1547743
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия до 3.4.8 (исключая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.5.0 (включая) до 3.5.5 (исключая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.6.0 (включая) до 3.6.3 (исключая)

EPSS

Процентиль: 34%

0.00133

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

CVE-2019-3848

CVSS3: 4.3

ubuntu

больше 6 лет назад

CVE-2019-3848

CVSS3: 4.3

debian

больше 6 лет назад

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3 ...

GHSA-45rw-4r25-jvg7

CVSS3: 4.3

github

около 3 лет назад

Moodle Logged in users could view all calendar events

EPSS

Процентиль: 34%

0.00133

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863