bitnami
/
vulndb
mirror of https://github.com/bitnami/vulndb.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
vulndb/data/moodle/BIT-moodle-2023-28333.json

110 lines
2.7 KiB
JSON
Raw Blame History

{
"schema_version": "1.5.0",
"id": "BIT-moodle-2023-28333",
"details": "The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).",
"aliases": [
"CVE-2023-28333"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "moodle",
"purl": "pkg:bitnami/moodle"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "3.9.0"
},
{
"fixed": "3.9.20"
},
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.13"
},
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.7"
}
]
},
{
"type": "SEMVER",
"events": [
{
"introduced": "3.9.0"
},
{
"last_affected": "3.9.0"
},
{
"introduced": "3.11.0"
},
{
"last_affected": "3.11.0"
},
{
"introduced": "4.0.0"
},
{
"last_affected": "4.0.0"
},
{
"introduced": "4.1.0"
},
{
"last_affected": "4.1.0"
},
{
"introduced": "4.1.1"
},
{
"last_affected": "4.1.1"
}
]
}
]
}
],
"database_specific": {
"severity": "Critical",
"cpes": [
"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"cpe:2.3:a:moodle:moodle:3.11.0:-:*:*:*:*:*:*",
"cpe:2.3:a:moodle:moodle:3.9.0:-:*:*:*:*:*:*",
"cpe:2.3:a:moodle:moodle:4.0.0:-:*:*:*:*:*:*",
"cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*",
"cpe:2.3:a:moodle:moodle:4.1.1:*:*:*:*:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=445065"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179422"
}
],
"published": "2024-03-06T11:00:15.007Z",
"modified": "2024-04-20T07:49:38.167Z"
}
Reference in New Issue View Git Blame Copy Permalink