CVE-2023-5548 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.3 LOW	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
fedora	CNA	3.3 LOW	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
moodle	moodle	𝑥 < 3.9.24
moodle	moodle	3.11.0 ≤ 𝑥 < 3.11.17
moodle	moodle	4.0.0 ≤ 𝑥 < 4.0.11
moodle	moodle	4.1.0 ≤ 𝑥 < 4.1.6
moodle	moodle	4.2.0 ≤ 𝑥 < 4.2.3
fedoraproject	extra_packages_for_enterprise_linux	7.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

moodle

oracular	dne
noble	dne
mantic	dne
lunar	dne
jammy	dne
focal	dne
bionic	needs-triage
xenial	needs-triage
trusty	ignored

Common Weakness Enumeration

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
CWE-345 - Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846

https://bugzilla.redhat.com/show_bug.cgi?id=2243449

https://moodle.org/mod/forum/discuss.php?d=451589

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846

https://bugzilla.redhat.com/show_bug.cgi?id=2243449

https://moodle.org/mod/forum/discuss.php?d=451589