PT-2019-11268 · Chamilo · Chamilo Lms
Ywarnier
·
Publicado
2019-02-04
·
Atualizado
2020-08-24
·
CVE-2019-1000017
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Chamilo-lms versions 1.11.8 and earlier
Description:
The issue is related to an Incorrect Access Control vulnerability in the Tickets component. This allows an authenticated user to read all tickets available on the platform due to a lack of access controls. The vulnerability can be exploited via the
ticket id variable.Recommendations:
For versions 1.11.8 and earlier, update to a version of Chamilo-lms that includes the fix committed after 33e2692a37b5b6340cf5bec1a84e541460983c03. As a temporary workaround, consider restricting access to the Tickets component to minimize the risk of exploitation.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Chamilo Lms