GHSA-xjx9-7c29-pwmm

Source

https://github.com/advisories/GHSA-xjx9-7c29-pwmm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xjx9-7c29-pwmm/GHSA-xjx9-7c29-pwmm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xjx9-7c29-pwmm

Aliases

CVE-2018-1134

Published

2022-05-13T01:49:11Z

Modified

2024-04-24T00:11:48.904354Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Moodle Improper Privilege Management

Details

An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.

Database specific

{
    "nvd_published_at": "2018-05-25T12:29:00Z",
    "cwe_ids": [
        "CWE-269"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T23:41:52Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1

Fixed

3.1.12

Affected versions

v3.*

v3.1.0-beta

v3.1.0-rc1

v3.1.0-rc2

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.1.10

v3.1.11

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.2

Fixed

3.2.9

Affected versions

v3.*

v3.2.0-beta

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3

Fixed

3.3.6

Affected versions

v3.*

v3.3.0-beta

v3.3.0-rc1

v3.3.0-rc2

v3.3.0-rc3

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.4

Fixed

3.4.3

Affected versions

v3.*

v3.4.0-beta

v3.4.0-rc1

v3.4.0-rc2

v3.4.0-rc3

v3.4.0

v3.4.1

v3.4.2