CVE-2019-14829

A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.

CVSS v3.0 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://git.moodle.org/gw?p=moodle.git;a=commit;h=208397c120b6bf74ca6a173e42cb527904c5ab42	Patch Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=391035	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

Information

Published : 2021-03-19 21:15

Updated : 2021-03-22 20:22

NVD link : CVE-2019-14829

Mitre link : CVE-2019-14829

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-573

Improper Following of Specification by Caller

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.moodle.org/gw?p=moodle.git;a=commit;h=208397c120b6bf74ca6a173e42cb527904c5ab42", "name": "https://git.moodle.org/gw?p=moodle.git;a=commit;h=208397c120b6bf74ca6a173e42cb527904c5ab42", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=391035", "name": "https://moodle.org/mod/forum/discuss.php?d=391035", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-573"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-14829", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}}, "publishedDate": "2021-03-19T21:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.5.7", "versionStartIncluding": "3.5.0"}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.6.5", "versionStartIncluding": "3.6.0"}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.7.1", "versionStartIncluding": "3.7.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-03-22T20:22Z"}