Denial of Service Vulnerability in Moodle by Moodle
CVE-2020-14322

7.5HIGH

Key Information:

Vendor: Moodle
Status: Moodle
Vendor: CVE Published:; 16 August 2022

What is CVE-2020-14322?

In Moodle versions prior to 3.9.1, 3.8.4, 3.7.7, and 3.5.13, the yui_combo feature lacks proper file loading restrictions. This oversight makes the platform susceptible to denial of service attacks, as malicious actors could exploit this vulnerability to overload the system by excessively loading files, potentially leading to service interruptions.

Affected Version(s)

Moodle Moodle 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and earlier unsupported versions

References

https://moodle.org/mod/forum/discuss.php?d=407394

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2022
Vulnerability Reserved
Jun 17, 2020

CVE-2020-14322 Data

JSON