Merge pull request #1759 from RedHatProductSecurity/CVE-2019-3847

CVE-2019-3847
2025-06-19 17:32:41 +00:00 · 2019-03-27 08:25:09 -04:00 · 2019-03-27 08:25:09 -04:00 · 48a30b91b4
commit 48a30b91b4
parent 9fc329ae1e f954906dcf
1 changed files with 73 additions and 8 deletions
--- a/2019/3xxx/CVE-2019-3847.json
+++ b/2019/3xxx/CVE-2019-3847.json
@ -1,18 +1,83 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-3847",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-3847",
+        "ASSIGNER": "lpardo@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "[UNKNOWN]",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "moodle",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "3.6.3"
+                                        },
+                                        {
+                                            "version_value": "3.5.5"
+                                        },
+                                        {
+                                            "version_value": "3.4.8"
+                                        },
+                                        {
+                                            "version_value": "3.1.17"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-285"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847",
+                "refsource": "CONFIRM"
+            },
+            {
+                "url": "https://moodle.org/mod/forum/discuss.php?d=384010#p1547742"
+            }
+        ]
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the \"login as other users\" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}