GHSA-9x63-m3cc-qf3g

Source

https://github.com/advisories/GHSA-9x63-m3cc-qf3g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9x63-m3cc-qf3g/GHSA-9x63-m3cc-qf3g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9x63-m3cc-qf3g

Aliases

CVE-2017-7490

Published

2022-05-13T01:47:00Z

Modified

2024-04-23T23:26:47.516029Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Moodle Unauthorized searching of arbitrary blogs by typing full url

Details

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

Database specific

{
    "github_reviewed_at": "2024-04-23T22:51:17Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-668"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2017-05-15T14:29:00Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.2

Fixed

3.2.3

Affected versions

v3.*

v3.2.0-beta

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.2.0

v3.2.1

v3.2.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9x63-m3cc-qf3g/GHSA-9x63-m3cc-qf3g.json"

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1

Fixed

3.1.6

Affected versions

v3.*

v3.1.0-beta

v3.1.0-rc1

v3.1.0-rc2

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9x63-m3cc-qf3g/GHSA-9x63-m3cc-qf3g.json"

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0

Fixed

3.0.10

Affected versions

v3.*

v3.0.0-beta

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9x63-m3cc-qf3g/GHSA-9x63-m3cc-qf3g.json"

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.7

Fixed

2.7.20

Affected versions

v2.*

v2.7.0-beta

v2.7.0-rc1

v2.7.0-rc2

v2.7.0

v2.7.1

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.7.10

v2.7.11

v2.7.12

v2.7.13

v2.7.14

v2.7.15

v2.7.16

v2.7.17

v2.7.18

v2.7.19

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9x63-m3cc-qf3g/GHSA-9x63-m3cc-qf3g.json"