CVE-2019-10134 – moodle/moodle

Package

Manager: composer
Name: moodle/moodle
Vulnerable Version: >=3.6 <3.6.4 || >=3.5 <3.5.6 || >=3.4 <3.4.9 || >=3.1 <3.1.18

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00191 pctl0.41277

Details

Moodle Private files uploaded via incoming mail processing could bypass quota restrictions A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.

Metadata

Created: 2022-05-24T16:48:40Z
Modified: 2024-04-23T23:39:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j8wr-7xxj-c2fr/GHSA-j8wr-7xxj-c2fr.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-j8wr-7xxj-c2fr
Finding: F184
Auto approve: 1