PT-2018-10497 · Moodle · Moodle

Brendan Cox

·

Publicado

2018-05-25

·

Atualizado

2022-05-13

·

CVE-2018-1134

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Moodle versions 3.x
Description An issue allows students who submitted assignments and exported them to portfolios to download any stored Moodle file by changing the download URL.
Recommendations For Moodle versions 3.x, update to a version where this issue is fixed, or as a temporary workaround, consider restricting access to the portfolio export feature to prevent unauthorized file downloads.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2018-1134
GHSA-XJX9-7C29-PWMM

Produtos afetados

Moodle