← Back

CVE-2017-7489

nvd nist
Published: May 15, 2017Modified: May 13, 2026

JSON object

Loading...
6.3
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 / Impact: 3.4
Source: NVD

Description

In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.

Affected (53)

Products: Moodle: Moodle
Moodle
1 product
Moodle
Configuration A
53 vulnerable
Vulnerable SoftwareAffected Versions
Moodle
Moodle
Version 2.7.0
Moodle
Version 2.7.0 beta
Moodle
Version 2.7.0 rc1
Moodle
Version 2.7.0 rc2
Moodle
Version 2.7.10
Moodle
Version 2.7.11
Moodle
Version 2.7.12
Moodle
Version 2.7.13
Moodle
Version 2.7.14
Moodle
Version 2.7.15
Moodle
Version 2.7.16
Moodle
Version 2.7.17
Moodle
Version 2.7.18
Moodle
Version 2.7.1
Moodle
Version 2.7.2
Moodle
Version 2.7.3
Moodle
Version 2.7.4
Moodle
Version 2.7.5
Moodle
Version 2.7.6
Moodle
Version 2.7.7
Moodle
Version 2.7.8
Moodle
Version 2.7.9
Moodle
Version 3.0.0
Moodle
Version 3.0.0 beta
Moodle
Version 3.0.0 rc1
Moodle
Version 3.0.0 rc2
Moodle
Version 3.0.0 rc3
Moodle
Version 3.0.0 rc4
Moodle
Version 3.0.1
Moodle
Version 3.0.2
Moodle
Version 3.0.3
Moodle
Version 3.0.4
Moodle
Version 3.0.5
Moodle
Version 3.0.6
Moodle
Version 3.0.7
Moodle
Version 3.0.8
Moodle
Version 3.1.0
Moodle
Version 3.1.0 beta
Moodle
Version 3.1.0 rc1
Moodle
Version 3.1.0 rc2
Moodle
Version 3.1.1
Moodle
Version 3.1.2
Moodle
Version 3.1.3
Moodle
Version 3.1.4
Moodle
Version 3.2.0
Moodle
Version 3.2.0 beta
Moodle
Version 3.2.0 rc1
Moodle
Version 3.2.0 rc2
Moodle
Version 3.2.0 rc3
Moodle
Version 3.2.0 rc4
Moodle
Version 3.2.0 rc5
Moodle
Version 3.2.1
Moodle
Version 3.2.2

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

Source: secalert@redhat.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.