CVE-2020-10738

Опубликовано: 21 мая 2020

Источник: nvd

CVSS3: 7.5

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution.

Ссылки

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68410
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10738
Issue Tracking
Patch
Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=403513
Patch
Vendor Advisory
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68410
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10738
Issue Tracking
Patch
Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=403513
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.5 (включая) до 3.5.12 (исключая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.6 (включая) до 3.6.10 (исключая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.7 (включая) до 3.7.6 (исключая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.8 (включая) до 3.8.3 (исключая)

EPSS

Процентиль: 84%

0.0234

Низкий

7.5 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2020-10738

CVSS3: 7.5

ubuntu

около 5 лет назад

CVE-2020-10738

CVSS3: 7.5

debian

около 5 лет назад

A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...

GHSA-vr6v-g96p-cjc3

CVSS3: 8.8

github

около 3 лет назад

Moodle vulnerable to RCE

EPSS

Процентиль: 84%

0.0234

Низкий

7.5 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20