GHSA-g96h-wvrm-c2ww
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g96h-wvrm-c2ww
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g96h-wvrm-c2ww/GHSA-g96h-wvrm-c2ww.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g96h-wvrm-c2ww
- Aliases
- Published
- 2022-05-13T01:12:38Z
- Modified
- 2024-04-23T23:58:47.961235Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Moodle Improper Access Control
- Details
-
The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.
- Database specific
{ "nvd_published_at": "2017-04-20T21:59:00Z", "cwe_ids": [ "CWE-284" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-23T23:41:12Z" }- References
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle