CVE-2024-25979

EPSS 0.16%
Veröffentlicht 19.02.2024 17:15:08
Zuletzt bearbeitet 23.01.2025 16:47:30
Quelle patrick@puiterwijk.org
CVE-Watchlists
Login
Unerledigt
Login

Msa-24-0002: forum search accepted random parameters in its url

The URL parameters accepted by forum search were not limited to the allowed parameters.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 4 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moodle ≫ Moodle Version >= 4.1.0 < 4.1.9

Moodle ≫ Moodle Version >= 4.2.0 < 4.2.6

Moodle ≫ Moodle Version >= 4.3.0 < 4.3.3

Fedoraproject ≫ Fedora Version38

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.375

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
patrick@puiterwijk.org	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-233 Improper Handling of Parameters

The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/

Mailing List

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69774

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2264095

Issue Tracking

https://moodle.org/mod/forum/discuss.php?d=455635

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-25979

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25979

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25979

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-25979