CVE-2024-25979

EPSS 0.13%
Veröffentlicht 19.02.2024 17:15:08
Zuletzt bearbeitet 23.01.2025 16:47:30
Quelle patrick@puiterwijk.org
Teams Watchlist Login
Unerledigt Login

The URL parameters accepted by forum search were not limited to the allowed parameters.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moodle ≫ Moodle Version >= 4.1.0 < 4.1.9

Moodle ≫ Moodle Version >= 4.2.0 < 4.2.6

Moodle ≫ Moodle Version >= 4.3.0 < 4.3.3

Fedoraproject ≫ Fedora Version38

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.326

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
patrick@puiterwijk.org	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-233 Improper Handling of Parameters

The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/

Mailing List

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69774

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2264095

Issue Tracking

https://moodle.org/mod/forum/discuss.php?d=455635

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-25979

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25979

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25979

EUVD