The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
References
Configurations
History
07 Nov 2023, 03:49
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
01 Aug 2022, 18:34
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
First Time |
Fedoraproject
Moodle Moodle moodle Fedoraproject fedora |
|
References | (MISC) https://moodle.org/mod/forum/discuss.php?d=436457 - Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/ - Mailing List, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2106274 - Issue Tracking, Third Party Advisory | |
References | (MISC) http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029 - Patch, Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
27 Jul 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jul 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-25 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-35650
Mitre link : CVE-2022-35650
CVE.ORG link : CVE-2022-35650
JSON object : View
Products Affected
fedoraproject
- fedora
moodle
- moodle