Search criteria
2 vulnerabilities found for IcProgreso plugin by Innovación y Cualificación
CVE-2025-2201 (GCVE-0-2025-2201)
Vulnerability from cvelistv5 – Published: 2025-03-17 10:13 – Updated: 2025-03-17 12:18
VLAI?
Title
Broken access control vulnerability in the Innovación y Cualificación IcProgreso plugin
Summary
Broken access control vulnerability in the IcProgress Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Innovación y Cualificación | IcProgreso plugin |
Affected:
all versions
|
Credits
Julen Garrido Estevez
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T12:16:17.349917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T12:18:11.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IcProgreso plugin",
"vendor": "Innovaci\u00f3n y Cualificaci\u00f3n",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Julen Garrido Estevez"
}
],
"datePublic": "2025-03-11T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Broken access control vulnerability in the IcProgress Innovaci\u00f3n y Cualificaci\u00f3n plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more."
}
],
"value": "Broken access control vulnerability in the IcProgress Innovaci\u00f3n y Cualificaci\u00f3n plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T10:15:07.196Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-moodle-innovacion-y-cualificacion-plugins"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Innovaci\u00f3n y Cualificaci\u00f3n has released a new version that fixes the vulnerabilities detected in the affected plugins. It has been implemented in all installations of the affected software, and the process will be completed in December 2024."
}
],
"value": "Innovaci\u00f3n y Cualificaci\u00f3n has released a new version that fixes the vulnerabilities detected in the affected plugins. It has been implemented in all installations of the affected software, and the process will be completed in December 2024."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken access control vulnerability in the Innovaci\u00f3n y Cualificaci\u00f3n IcProgreso plugin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-2201",
"datePublished": "2025-03-17T10:13:48.361Z",
"dateReserved": "2025-03-11T09:52:09.599Z",
"dateUpdated": "2025-03-17T12:18:11.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2201 (GCVE-0-2025-2201)
Vulnerability from nvd – Published: 2025-03-17 10:13 – Updated: 2025-03-17 12:18
VLAI?
Title
Broken access control vulnerability in the Innovación y Cualificación IcProgreso plugin
Summary
Broken access control vulnerability in the IcProgress Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Innovación y Cualificación | IcProgreso plugin |
Affected:
all versions
|
Credits
Julen Garrido Estevez
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T12:16:17.349917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T12:18:11.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IcProgreso plugin",
"vendor": "Innovaci\u00f3n y Cualificaci\u00f3n",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Julen Garrido Estevez"
}
],
"datePublic": "2025-03-11T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Broken access control vulnerability in the IcProgress Innovaci\u00f3n y Cualificaci\u00f3n plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more."
}
],
"value": "Broken access control vulnerability in the IcProgress Innovaci\u00f3n y Cualificaci\u00f3n plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T10:15:07.196Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-moodle-innovacion-y-cualificacion-plugins"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Innovaci\u00f3n y Cualificaci\u00f3n has released a new version that fixes the vulnerabilities detected in the affected plugins. It has been implemented in all installations of the affected software, and the process will be completed in December 2024."
}
],
"value": "Innovaci\u00f3n y Cualificaci\u00f3n has released a new version that fixes the vulnerabilities detected in the affected plugins. It has been implemented in all installations of the affected software, and the process will be completed in December 2024."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken access control vulnerability in the Innovaci\u00f3n y Cualificaci\u00f3n IcProgreso plugin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-2201",
"datePublished": "2025-03-17T10:13:48.361Z",
"dateReserved": "2025-03-11T09:52:09.599Z",
"dateUpdated": "2025-03-17T12:18:11.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}