admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2019/3xxx/CVE-2019-3847.json
CVE Team f05db6cc39
"-Synchronized-Data."
2019-04-04 15:00:45 +00:00

91 lines
3.1 KiB
JSON
Raw Blame History

{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3847",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "Moodle",
"version": {
"version_data": [
{
"version_value": "3.6 to 3.6.2"
},
{
"version_value": "3.5 to 3.5.4"
},
{
"version_value": "3.4 to 3.4.7"
},
{
"version_value": "3.1 to 3.1.16 and earlier unsupported versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "107489",
"url": "http://www.securityfocus.com/bid/107489"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847",
"refsource": "CONFIRM"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=384010#p1547742",
"refsource": "MISC",
"name": "https://moodle.org/mod/forum/discuss.php?d=384010#p1547742"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the \"login as other users\" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
}
}
Reference in New Issue View Git Blame Copy Permalink