MEDIUM6.5
Уязвимость метода .position() библиотеки jQuery UI, позволяющая нарушителю выполнить произвольный код
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NCVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:NСсылки
Серьёзность:
Закрытые проблемы (47)
CRITICAL9.8
Уязвимость виртуальной обучающей среды Moodle, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код
CVSS 3.xКРИТИЧЕСКАЯ 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CСсылки
HIGH8.8
Уязвимость виртуальной обучающей среды Moodle, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0КРИТИЧЕСКАЯ 9.0
CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:CСсылки
MEDIUM5.4
Уязвимость виртуальной обучающей среды Moodle, связанная с неправильной нейтрализацией ввода во время создания веб-страницы, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)
CVSS 3.xСРЕДНЯЯ 5.4
CVSS:3.x/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NCVSS 2.0СРЕДНЯЯ 5.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:NСсылки
MEDIUM6.1
Уязвимость виртуальной обучающей среды Moodle, связанная с неправильной нейтрализацией ввода во время создания веб-страницы, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NCVSS 2.0СРЕДНЯЯ 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:NСсылки
LOW3.3
Уязвимость виртуальной обучающей среды Moodle, связанная с раскрытием конфиденциальной информации несанкционированному субъекту, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
CVSS 3.xНИЗКАЯ 3.3
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCVSS 2.0НИЗКАЯ 1.7
CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:N/A:NСсылки
MEDIUM6.1
Уязвимость виртуальной обучающей среды Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NCVSS 2.0СРЕДНЯЯ 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:NСсылки
HIGH8.0
Уязвимость функции phpCAS::setUrl() библиотеки аутентификации phpCAS, позволяющая нарушителю получить доступ к учетной записи пользователя
CVSS 3.xВЫСОКАЯ 8.0
CVSS:3.x/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HCVSS 2.0КРИТИЧЕСКАЯ 9.0
CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:CСсылки
MEDIUM6.1
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NCVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NСсылки
- https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/
- https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
- https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/
- https://security.netapp.com/advisory/ntap-20211118-0004/
- https://www.drupal.org/sa-contrib-2022-004
- https://www.drupal.org/sa-core-2022-002
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.tenable.com/security/tns-2022-09
- https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/
- https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
- https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/
- https://security.netapp.com/advisory/ntap-20211118-0004/
- https://www.drupal.org/sa-contrib-2022-004
- https://www.drupal.org/sa-core-2022-002
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.tenable.com/security/tns-2022-09
MEDIUM6.1
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NCVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NСсылки
- https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/
- https://bugs.jqueryui.com/ticket/15284
- https://github.com/jquery/jquery-ui/pull/1953
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
- https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/
- https://security.netapp.com/advisory/ntap-20211118-0004/
- https://www.drupal.org/sa-contrib-2022-004
- https://www.drupal.org/sa-core-2022-001
- https://www.drupal.org/sa-core-2022-002
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.tenable.com/security/tns-2022-09
- https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/
- https://bugs.jqueryui.com/ticket/15284
- https://github.com/jquery/jquery-ui/pull/1953
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
- https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/
- https://security.netapp.com/advisory/ntap-20211118-0004/
- https://www.drupal.org/sa-contrib-2022-004
- https://www.drupal.org/sa-core-2022-001
- https://www.drupal.org/sa-core-2022-002
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.tenable.com/security/tns-2022-09
MEDIUM6.1
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NCVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NСсылки
- https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/
- https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/
- https://security.netapp.com/advisory/ntap-20211118-0004/
- https://www.drupal.org/sa-core-2022-001
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.tenable.com/security/tns-2022-09
- http://seclists.org/fulldisclosure/2024/Aug/37
- https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/
- https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/
- https://security.netapp.com/advisory/ntap-20211118-0004/
- https://www.drupal.org/sa-core-2022-001
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.tenable.com/security/tns-2022-09
MEDIUM6.1
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NСсылки
- https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/
- https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
- https://lists.debian.org/debian-lts-announce/2022/12/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XBR3G3JR5ZIOJDO4224M3INXDS2VFDD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5LGNTICB5BRFAG3DHVVELS6H3CZSQMO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB2FJQXCNHO32VGVOC6DY6IPGVE4VDU6/
- https://security.netapp.com/advisory/ntap-20220909-0007/
- https://www.drupal.org/sa-contrib-2022-052
- https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/
- https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
- https://lists.debian.org/debian-lts-announce/2022/12/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XBR3G3JR5ZIOJDO4224M3INXDS2VFDD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5LGNTICB5BRFAG3DHVVELS6H3CZSQMO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB2FJQXCNHO32VGVOC6DY6IPGVE4VDU6/
- https://security.netapp.com/advisory/ntap-20220909-0007/
- https://www.drupal.org/sa-contrib-2022-052
HIGH8.0
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to "^(https)://.*") or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim's account on a vulnerable CASified service without victim's knowledge, when the victim visits attacker's website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS < 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP's HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior.
CVSS 3.xВЫСОКАЯ 8.0
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HСсылки
- https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64
- https://lists.debian.org/debian-lts-announce/2023/07/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUA2JM6YT3ZXSZLBJVRA32AXYM3GJMO3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJZGTWJ5ZXUUT47EHARNOUUNTH6SYDSE/
- https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64
- https://lists.debian.org/debian-lts-announce/2023/07/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUA2JM6YT3ZXSZLBJVRA32AXYM3GJMO3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJZGTWJ5ZXUUT47EHARNOUUNTH6SYDSE/
NONE
NONE
NONE
NONE
NONE
NONE
NONE
NONE
NONE
HIGH8.8
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408
- https://bugzilla.redhat.com/show_bug.cgi?id=2243352
- https://moodle.org/mod/forum/discuss.php?d=451580
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408
- https://bugzilla.redhat.com/show_bug.cgi?id=2243352
- https://moodle.org/mod/forum/discuss.php?d=451580
HIGH8.8
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409
- https://bugzilla.redhat.com/show_bug.cgi?id=2243432
- https://moodle.org/mod/forum/discuss.php?d=451581
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409
- https://bugzilla.redhat.com/show_bug.cgi?id=2243432
- https://moodle.org/mod/forum/discuss.php?d=451581
MEDIUM6.1
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NСсылки
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426
- https://bugzilla.redhat.com/show_bug.cgi?id=2243437
- https://moodle.org/mod/forum/discuss.php?d=451582
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426
- https://bugzilla.redhat.com/show_bug.cgi?id=2243437
- https://moodle.org/mod/forum/discuss.php?d=451582
MEDIUM5.4
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
CVSS 3.xСРЕДНЯЯ 5.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NСсылки
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509
- https://bugzilla.redhat.com/show_bug.cgi?id=2243443
- https://moodle.org/mod/forum/discuss.php?d=451585
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509
- https://bugzilla.redhat.com/show_bug.cgi?id=2243443
- https://moodle.org/mod/forum/discuss.php?d=451585
MEDIUM5.3
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NСсылки
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
- https://bugzilla.redhat.com/show_bug.cgi?id=2243444
- https://moodle.org/mod/forum/discuss.php?d=451586
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
- https://bugzilla.redhat.com/show_bug.cgi?id=2243444
- https://moodle.org/mod/forum/discuss.php?d=451586
MEDIUM6.1
The course upload preview contained an XSS risk for users uploading unsafe data.
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NСсылки
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455
- https://bugzilla.redhat.com/show_bug.cgi?id=2243447
- https://moodle.org/mod/forum/discuss.php?d=451588
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455
- https://bugzilla.redhat.com/show_bug.cgi?id=2243447
- https://moodle.org/mod/forum/discuss.php?d=451588
MEDIUM5.3
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NСсылки
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846
- https://bugzilla.redhat.com/show_bug.cgi?id=2243449
- https://moodle.org/mod/forum/discuss.php?d=451589
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846
- https://bugzilla.redhat.com/show_bug.cgi?id=2243449
- https://moodle.org/mod/forum/discuss.php?d=451589
MEDIUM5.3
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NСсылки
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730
- https://bugzilla.redhat.com/show_bug.cgi?id=2243451
- https://moodle.org/mod/forum/discuss.php?d=451590
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730
- https://bugzilla.redhat.com/show_bug.cgi?id=2243451
- https://moodle.org/mod/forum/discuss.php?d=451590
CRITICAL9.8
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
CVSS 3.xКРИТИЧЕСКАЯ 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HСсылки
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249
- https://bugzilla.redhat.com/show_bug.cgi?id=2243452
- https://moodle.org/mod/forum/discuss.php?d=451591
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249
- https://bugzilla.redhat.com/show_bug.cgi?id=2243452
- https://moodle.org/mod/forum/discuss.php?d=451591
LOW3.3
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
CVSS 3.xНИЗКАЯ 3.3
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NСсылки
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310
- https://bugzilla.redhat.com/show_bug.cgi?id=2243453
- https://moodle.org/mod/forum/discuss.php?d=451592
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310
- https://bugzilla.redhat.com/show_bug.cgi?id=2243453
- https://moodle.org/mod/forum/discuss.php?d=451592
MEDIUM5.3
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NСсылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5545
- https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53
- https://bugzilla.redhat.com/show_bug.cgi?id=2243444
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=451586
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
MEDIUM6.1
Moodle Cross-site Scripting vulnerability
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NСсылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5541
- https://github.com/moodle/moodle/commit/f5f6ce375e37da902afb043c6b506129fc433233
- https://bugzilla.redhat.com/show_bug.cgi?id=2243437
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=451582
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426
MEDIUM4.7
Moodle Code Injection vulnerability
CVSS 3.xСРЕДНЯЯ 4.7
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LСсылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5539
- https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce
- https://bugzilla.redhat.com/show_bug.cgi?id=2243352
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=451580
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408
MEDIUM6.5
Moodle Code Injection vulnerability
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NСсылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5550
- https://github.com/moodle/moodle/commit/77766f9c8af8fc8d861d7ac09ce4e1f6e72faca7
- https://bugzilla.redhat.com/show_bug.cgi?id=2243452
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=451591
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249
HIGH8.0
phpCAS vulnerable to Service Hostname Discovery Exploitation
CVSS 3.xВЫСОКАЯ 8.0
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HСсылки
- https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64
- https://nvd.nist.gov/vuln/detail/CVE-2022-39369
- https://github.com/apereo/phpCAS/commit/b759361d904a2cb2a3bcee9411fc348cfde5d163
- https://github.com/apereo/phpCAS
- https://github.com/apereo/phpCAS/releases/tag/1.6.0
- https://lists.debian.org/debian-lts-announce/2023/07/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUA2JM6YT3ZXSZLBJVRA32AXYM3GJMO3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJZGTWJ5ZXUUT47EHARNOUUNTH6SYDSE
MEDIUM6.5
XSS in the `altField` option of the Datepicker widget in jquery-ui
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NСсылки
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
- https://nvd.nist.gov/vuln/detail/CVE-2021-41182
- https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63
- https://www.tenable.com/security/tns-2022-09
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.drupal.org/sa-core-2022-002
- https://www.drupal.org/sa-contrib-2022-004
- https://security.netapp.com/advisory/ntap-20211118-0004
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2021-41182.yml
- https://github.com/jquery/jquery-ui
- https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released
MEDIUM6.1
Moodle Cross-site Scripting vulnerability
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NСсылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5547
- https://github.com/moodle/moodle/commit/833e818f022cce8373922afaa0cc6c8726b6b079
- https://github.com/moodle/moodle/commit/ef67f43c67e00c271658e42fc2e9cbe5fc94a87e
- https://bugzilla.redhat.com/show_bug.cgi?id=2243447
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=451588
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455
MEDIUM5.3
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NСсылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5548
- https://github.com/moodle/moodle/commit/7679452caff6faa33f00d3f0589c5190bc01a933
- https://bugzilla.redhat.com/show_bug.cgi?id=2243449
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=451589
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846
MEDIUM5.3
Moodle Improper Access Control vulnerability
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NСсылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5549
- https://github.com/moodle/moodle/commit/5a765e124c950b1e4313c9bf96ea2dd194f65c75
- https://bugzilla.redhat.com/show_bug.cgi?id=2243451
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=451590
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730
MEDIUM6.5
XSS in the `of` option of the `.position()` util in jquery-ui
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NСсылки
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
- https://nvd.nist.gov/vuln/detail/CVE-2021-41184
- https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
- https://www.tenable.com/security/tns-2022-09
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.drupal.org/sa-core-2022-001
- https://security.netapp.com/advisory/ntap-20211118-0004
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://github.com/jquery/jquery-ui
- https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released
- http://seclists.org/fulldisclosure/2024/Aug/37
MEDIUM6.1
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NСсылки
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
- https://nvd.nist.gov/vuln/detail/CVE-2022-31160
- https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9
- https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released
- https://github.com/jquery-ui-rails/jquery-ui-rails/blob/master/VERSIONS.md
- https://github.com/jquery-ui-rails/jquery-ui-rails/releases/tag/v8.0.0-release
- https://github.com/jquery/jquery-ui
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2022-31160.yml
- https://lists.debian.org/debian-lts-announce/2022/12/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XBR3G3JR5ZIOJDO4224M3INXDS2VFDD
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5LGNTICB5BRFAG3DHVVELS6H3CZSQMO
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB2FJQXCNHO32VGVOC6DY6IPGVE4VDU6
- https://security.netapp.com/advisory/ntap-20220909-0007
- https://www.drupal.org/sa-contrib-2022-052
MEDIUM5.4
Moodle Cross-site Scripting vulnerability
CVSS 3.xСРЕДНЯЯ 5.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NСсылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5544
- https://github.com/moodle/moodle/commit/5fec728be9df3c9fc282cd0897c73ca5cfcfea5f
- https://bugzilla.redhat.com/show_bug.cgi?id=2243443
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=451585
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509
MEDIUM6.5
XSS in `*Text` options of the Datepicker widget in jquery-ui
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NСсылки
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
- https://nvd.nist.gov/vuln/detail/CVE-2021-41183
- https://github.com/jquery/jquery-ui/pull/1953
- https://www.tenable.com/security/tns-2022-09
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.drupal.org/sa-core-2022-002
- https://www.drupal.org/sa-core-2022-001
- https://www.drupal.org/sa-contrib-2022-004
- https://security.netapp.com/advisory/ntap-20211118-0004
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
- https://github.com/jquery/jquery-ui
- https://bugs.jqueryui.com/ticket/15284
- https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released
LOW3.3
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVSS 3.xНИЗКАЯ 3.3
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NСсылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5551
- https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0
- https://github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a
- https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85
- https://bugzilla.redhat.com/show_bug.cgi?id=2243453
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=451592
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310
HIGH8.8
Moodle Code Injection vulnerability
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5540
- https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522
- https://bugzilla.redhat.com/show_bug.cgi?id=2243432
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=451581
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409