FKIE_CVE-2023-5550

Vulnerability from fkie_nvd - Published: 2023-11-09 20:15 - Updated: 2024-11-21 08:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
References
patrick@puiterwijk.orghttp://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249Patch
patrick@puiterwijk.orghttps://bugzilla.redhat.com/show_bug.cgi?id=2243452Issue Tracking, Third Party Advisory
patrick@puiterwijk.orghttps://moodle.org/mod/forum/discuss.php?d=451591Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249Patch
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2243452Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://moodle.org/mod/forum/discuss.php?d=451591Patch, Vendor Advisory
Impacted products
Vendor Product Version
moodle moodle *
moodle moodle *
moodle moodle *
moodle moodle *
moodle moodle *
fedoraproject extra_packages_for_enterprise_linux 7.0
fedoraproject fedora 38
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A8D2D9-48FE-417F-8062-65794AA65706",
              "versionEndExcluding": "3.9.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C058D38-D206-4BEC-B647-4CD1808A1FC8",
              "versionEndExcluding": "3.11.17",
              "versionStartIncluding": "3.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C",
              "versionEndExcluding": "4.0.11",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A",
              "versionEndExcluding": "4.1.6",
              "versionStartIncluding": "4.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078",
              "versionEndExcluding": "4.2.3",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In a shared hosting environment that has been misconfigured to allow access to other users\u0027 content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution."
    },
    {
      "lang": "es",
      "value": "En un entorno de alojamiento compartido que ha sido mal configurado para permitir el acceso al contenido de otros usuarios, un usuario de Moodle que tambi\u00e9n tiene acceso directo al servidor web fuera del root web de Moodle podr\u00eda utilizar un archivo local incluido para lograr la ejecuci\u00f3n remota de c\u00f3digo."
    }
  ],
  "id": "CVE-2023-5550",
  "lastModified": "2024-11-21T08:41:59.613",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "patrick@puiterwijk.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-09T20:15:10.867",
  "references": [
    {
      "source": "patrick@puiterwijk.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-72249"
    },
    {
      "source": "patrick@puiterwijk.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243452"
    },
    {
      "source": "patrick@puiterwijk.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://moodle.org/mod/forum/discuss.php?d=451591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-72249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://moodle.org/mod/forum/discuss.php?d=451591"
    }
  ],
  "sourceIdentifier": "patrick@puiterwijk.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "patrick@puiterwijk.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.