PT-2019-11268 · Chamilo · Chamilo Lms

Ywarnier · Published 2019-02-04 · Updated 2020-08-24 · CVE-2019-1000017

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Chamilo-lms versions 1.11.8 and earlier
Description: An Incorrect Access Control vulnerability in the Tickets component allows an authenticated user to read all tickets available on the platform, because access controls are missing. The vulnerability can be exploited via the ticket id variable.
Recommendations: For versions 1.11.8 and earlier, update to a version of Chamilo-lms that includes the fix committed after 33e2692a37b5b6340cf5bec1a84e541460983c03. As a temporary workaround, consider restricting access to the Tickets component to minimize the risk of exploitation.

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2019-1000017

Affected Products: Chamilo Lms