BIT-moodle-2023-28330

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2023-28330.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-moodle-2023-28330

Aliases

Published

2024-03-06T11:00:43.602Z

Modified

2025-05-20T10:02:07.006Z

Summary

Moodle: authenticated arbitrary file read through malformed backup file

Details

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

Database specific

{
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.11.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.9.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.0.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.1:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / moodle

Package

Name: moodle
Purl: pkg:bitnami/moodle

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

3.9.0

Fixed

3.9.20

Introduced

3.11.0

Fixed

3.11.13

Introduced

4.0.0

Fixed

4.0.7

Introduced

4.1.0

Fixed

4.1.2