6.5

CVE-2019-1000017

EPSS 0.23%
Veröffentlicht 04.02.2019 21:29:01
Zuletzt bearbeitet 21.11.2024 04:17:41
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chamilo ≫ Chamilo Lms Version <= 1.11.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.461

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03

Patch

Third Party Advisory

https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-34-2019-01-14-Moderate-risk-moderate-impact-XSS-and-unauthorized-access

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1000017

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1000017

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1000017

EUVD