Msa-24-0002: forum search accepted random parameters in its url
CVE-2024-25979

5.3MEDIUM

Key Information:

Vendor

Fedora

Status
Moodle
4.2.6
Fedora
Extra Packages For Enterprise Linux
Vendor
CVE Published:
19 February 2024

What is CVE-2024-25979?

The URL parameters accepted by forum search were not limited to the allowed parameters.

Affected Version(s)

4.2.6 and 4.1.9

moodle 4.3.3

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...
https://bugzilla.redhat.com/show_bug.cgi?id=2264095
issue-trackingx_refsource_REDHAT
https://moodle.org/mod/forum/discuss.php?d=455635

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Piotr Widak for reporting this issue.
.