GHSA-5282-96ff-xx3h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5282-96ff-xx3h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5282-96ff-xx3h/GHSA-5282-96ff-xx3h.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5282-96ff-xx3h
- Aliases
- Published
- 2022-05-13T01:12:38Z
- Modified
- 2024-02-16T08:22:04.622190Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Moodle sensitive information disclosure
- Details
-
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.
- Database specific
{ "nvd_published_at": "2017-04-20T21:59:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-28T22:01:33Z" }- References
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle