GHSA-5w4h-xrr5-7273

Suggest an improvement
Source
https://github.com/advisories/GHSA-5w4h-xrr5-7273
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5w4h-xrr5-7273/GHSA-5w4h-xrr5-7273.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-5w4h-xrr5-7273
Aliases
Published
2022-05-13T01:34:55Z
Modified
2024-04-24T00:11:51.292619Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Details

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the corecourseget_categories web service to return hidden categories, which should be omitted when fetching course categories.

Database specific
{
    "nvd_published_at": "2018-07-10T18:29:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T23:41:46Z"
}
References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1
Fixed
3.1.13

Affected versions

v3.*

v3.1.0-beta
v3.1.0-rc1
v3.1.0-rc2
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.1.10
v3.1.11
v3.1.12

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.3
Fixed
3.3.7

Affected versions

v3.*

v3.3.0-beta
v3.3.0-rc1
v3.3.0-rc2
v3.3.0-rc3
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.4
Fixed
3.4.4

Affected versions

v3.*

v3.4.0-beta
v3.4.0-rc1
v3.4.0-rc2
v3.4.0-rc3
v3.4.0
v3.4.1
v3.4.2
v3.4.3

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.5
Fixed
3.5.1

Affected versions

v3.*

v3.5.0-beta
v3.5.0-rc1
v3.5.0