CVE-2019-3810

2025-08-04 08:44:25 +00:00 · 2019-03-15 18:54:22 -03:00 · 2019-03-15 18:54:22 -03:00 · d267f8fa7f
commit d267f8fa7f
parent d8c249c53d
1 changed files with 78 additions and 16 deletions
--- a/2019/3xxx/CVE-2019-3810.json
+++ b/2019/3xxx/CVE-2019-3810.json
@ -1,18 +1,80 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2019-3810",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-3810",
+        "ASSIGNER": "lpardo@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "[UNKNOWN]",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "moodle",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "3.6.2"
+                                        },
+                                        {
+                                            "version_value": "3.5.4"
+                                        },
+                                        {
+                                            "version_value": "3.4.7"
+                                        },
+                                        {
+                                            "version_value": "3.1.16"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-20"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810",
+                "refsource": "CONFIRM"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+                    "version": "3.0"
+                }
+            ]
+        ]
+    }
 }