← Volver a CVEs

CVE-2019-3848

MEDIUM

4.3

Descripcion

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)

Detalles CVE

Puntuacion CVSS v3.14.3

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado3/26/2019

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

moodle:moodle

Debilidades (CWE)

CWE-863CWE-863

Referencias

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848(secalert@redhat.com)

https://moodle.org/mod/forum/discuss.php?d=384011#p1547743(secalert@redhat.com)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848(af854a3a-2127-422b-91ae-364da2661108)

https://moodle.org/mod/forum/discuss.php?d=384011#p1547743(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.