CVE-2021-20281

Description

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Related CPE's

amoodlemoodle********

amoodlemoodle********

amoodlemoodle********

amoodlemoodle********

ofedoraprojectfedora32*******

ofedoraprojectfedora34*******

References

https://moodle.org/mod/forum/discuss.php?d=419652

PatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1939041

Issue TrackingThird Party Advisory

FEDORA-2021-1c27e89d49

Mailing ListThird Party Advisory

FEDORA-2021-50f63a0161

Mailing ListThird Party Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

NONE

Scope

UNCHANGED

ConfidentialityImpact

LOW

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

5.3

BaseSeverity

MEDIUM

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:P/I:N/A:N

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

5

Created by Yello
About Severity.io