CVE-2011-4293 – moodle/moodle
Package
Manager: composer
Name: moodle/moodle
Vulnerable Version: >=2.0 <2.0.4 || >=2.1 <2.1.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:R
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00195 (percentile: 0.41582)
Details
Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.
Metadata
Created: 2022-05-13T01:13:14Z
Modified: 2024-01-17T15:47:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wxvp-8q8h-r6rr/GHSA-wxvp-8q8h-r6rr.json
CWE IDs: ["CWE-379"]
Alternative ID: GHSA-wxvp-8q8h-r6rr
Finding: F028
Auto approve: 1