CVE-2018-1135

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1135
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1135.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1135
Aliases
Related
Published
2018-05-25T12:29:00Z
Modified
2024-10-12T03:07:38.841174Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

References

Affected packages

Git / github.com/moodle/moodle

Affected versions

v3.*

v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.3.0
v3.3.0-beta
v3.3.0-rc1
v3.3.0-rc2
v3.3.0-rc3
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.4.0
v3.4.0-beta
v3.4.0-rc1
v3.4.0-rc2
v3.4.0-rc3
v3.4.1
v3.4.2