5.3

CVE-2023-5548

Moodle: cache poisoning risk with endpoint revision numbers

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MoodleMoodle Version < 3.9.24
MoodleMoodle Version >= 3.11.0 < 3.11.17
MoodleMoodle Version >= 4.0.0 < 4.0.11
MoodleMoodle Version >= 4.1.0 < 4.1.6
MoodleMoodle Version >= 4.2.0 < 4.2.3
FedoraprojectFedora Version38
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.209
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
patrick@puiterwijk.org 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=2243449
Patch
Third Party Advisory
Issue Tracking
https://moodle.org/mod/forum/discuss.php?d=451589
Patch
Vendor Advisory