CVE-2018-1134

Published: May 25, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.

Affected (4)

Products: Moodle: Moodle

Moodle

1 product

Moodle

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	From 3.1.0 to 3.1.11
Moodle Moodle	From 3.2.0 to 3.2.8
Moodle Moodle	From 3.3.0 to 3.3.5
Moodle Moodle	From 3.4.0 to 3.4.2

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

http://www.securityfocus.com/bid/104307

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://moodle.org/mod/forum/discuss.php?d=371200

Source: secalert@redhat.com

PatchVendor Advisory

http://www.securityfocus.com/bid/104307

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://moodle.org/mod/forum/discuss.php?d=371200

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.