NVD

Id
29055  
Name
CVE-2014-0125  
Description
repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file"s owner.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-03-24  
Modified Date
2014-03-24  
Seq
2014-0125  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
153531 29055 CVE-2014-0125 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409  View
153532 29055 CVE-2014-0125 [oss-security] 20140317 Moodle security notifications public  View
153533 29055 CVE-2014-0125 https://moodle.org/mod/forum/discuss.php?d=256422  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
12911 JVNDB-2014-001786 Moodle の repository/alfresco/lib.php における Alfresco Repository ファイルの制限を回避される脆弱性 Moodle の repository/alfresco/lib.php は、セッションキーを URL 内に配置するため、Alfresco Repository ファイルの制限を回避される脆弱性が存在します。 CVE-2014-0125 67526 CVE-2014-0125 29055 5.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001786.html 2014-03-17 2014-03-26 View