CVE-2023-5548 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.3 LOW	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
moodle	moodle	𝑥 < 3.9.24
moodle	moodle	3.11.0 ≤ 𝑥 < 3.11.17
moodle	moodle	4.0.0 ≤ 𝑥 < 4.0.11
moodle	moodle	4.1.0 ≤ 𝑥 < 4.1.6
moodle	moodle	4.2.0 ≤ 𝑥 < 4.2.3
fedoraproject	extra_packages_for_enterprise_linux	7.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

moodle

bionic	needs-triage
focal	dne
jammy	dne
lunar	dne
mantic	dne
noble	dne
oracular	dne
trusty	ignored
xenial	needs-triage

Common Weakness Enumeration

CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
CWE-345 - Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846

https://bugzilla.redhat.com/show_bug.cgi?id=2243449

https://moodle.org/mod/forum/discuss.php?d=451589

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846

https://bugzilla.redhat.com/show_bug.cgi?id=2243449

https://moodle.org/mod/forum/discuss.php?d=451589