diff --git a/advisories/github-reviewed/2024/06/GHSA-356g-7x36-7m34/GHSA-356g-7x36-7m34.json b/advisories/github-reviewed/2024/06/GHSA-356g-7x36-7m34/GHSA-356g-7x36-7m34.json
new file mode 100644
index 0000000000000..dc914fc7473e1
--- /dev/null
+++ b/advisories/github-reviewed/2024/06/GHSA-356g-7x36-7m34/GHSA-356g-7x36-7m34.json
@@ -0,0 +1,186 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-356g-7x36-7m34",
+ "modified": "2024-06-18T22:45:39Z",
+ "published": "2024-06-18T21:30:36Z",
+ "aliases": [
+ "CVE-2024-38276"
+ ],
+ "summary": "Moodle CSRF risks due to misuse of confirm_sesskey",
+ "details": "Incorrect CSRF token checks resulted in multiple CSRF risks.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.4.0-beta"
+ },
+ {
+ "fixed": "4.4.1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.3.0-beta"
+ },
+ {
+ "fixed": "4.3.5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.2.0-beta"
+ },
+ {
+ "fixed": "4.2.8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "4.1.11"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38276"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/f2807dee5bc777d9c58b7a70cba6e4c21ee02ea1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/e23f603c41055ab92f9b430cf0e7a54b4e120f95"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/e1dab5f38166a2ff62983178f7bf8f0ed3a61090"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/dc84fcfab06a4a0fe37797b8422e9fe3a1031c3e"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/da8e8cee6ffaf7c184eded97e1016f20c9de0561"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/c5b1604e8136db6d72057dd8052955058489206c"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/c1aacb3e2884ea4dcc221c5ef2e449ce345f78ae"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/c18b59808cefe7b54c85dce6bf2cc71601080667"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/a0d8c025f732d5c18a2b9d1a8e5cbee35dce86f4"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/9af9711c0a78ebad87d49bcb369ff813bc57d0a7"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/756090ed79aa056d0b5f58e7a1dff67f139f76b4"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/57f20b6cb352893871c3afdfa8a4c09a96e16764"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/31ced0851189a6879e4cd27c7e65d21dd9d6e87e"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/30fadc3686fa7490860a0bd87a29636139dfb371"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/137d311fd1354c679b974633512a771e6e0559a1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/093aedf79889114d004495f05969168b646b0285"
+ },
+ {
+ "type": "WEB",
+ "url": "https://moodle.org/mod/forum/discuss.php?d=459501"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/moodle/moodle"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-06-18T22:45:39Z",
+ "nvd_published_at": "2024-06-18T20:15:14Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/06/GHSA-p2cj-86v4-7782/GHSA-p2cj-86v4-7782.json b/advisories/github-reviewed/2024/06/GHSA-p2cj-86v4-7782/GHSA-p2cj-86v4-7782.json
new file mode 100644
index 0000000000000..3b6e90681d3cb
--- /dev/null
+++ b/advisories/github-reviewed/2024/06/GHSA-p2cj-86v4-7782/GHSA-p2cj-86v4-7782.json
@@ -0,0 +1,138 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p2cj-86v4-7782",
+ "modified": "2024-06-18T22:45:35Z",
+ "published": "2024-06-18T21:30:36Z",
+ "aliases": [
+ "CVE-2024-38275"
+ ],
+ "summary": "Moodle HTTP authorization header is preserved between \"emulated redirects\"",
+ "details": "The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.4.0-beta"
+ },
+ {
+ "fixed": "4.4.1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.3.0-beta"
+ },
+ {
+ "fixed": "4.3.5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.2.0-beta"
+ },
+ {
+ "fixed": "4.2.8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "4.1.11"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38275"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/0df3c5837a592e6663c4d531ff6a1f776bc2f785"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/3e38c84315a7991ce5ef5f241f5e873b5ca24f01"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/836b2c23a210317d130017d77bb64e3b510869a9"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/f7988538b2208c55f2c40ce4f0815901dc88049b"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/moodle/moodle"
+ },
+ {
+ "type": "WEB",
+ "url": "https://moodle.org/mod/forum/discuss.php?d=459500"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-226"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-06-18T22:45:35Z",
+ "nvd_published_at": "2024-06-18T20:15:13Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/06/GHSA-p5cg-6rfr-6mx8/GHSA-p5cg-6rfr-6mx8.json b/advisories/github-reviewed/2024/06/GHSA-p5cg-6rfr-6mx8/GHSA-p5cg-6rfr-6mx8.json
new file mode 100644
index 0000000000000..c5ca5b751f736
--- /dev/null
+++ b/advisories/github-reviewed/2024/06/GHSA-p5cg-6rfr-6mx8/GHSA-p5cg-6rfr-6mx8.json
@@ -0,0 +1,122 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p5cg-6rfr-6mx8",
+ "modified": "2024-06-18T22:45:19Z",
+ "published": "2024-06-18T21:30:36Z",
+ "aliases": [
+ "CVE-2024-38274"
+ ],
+ "summary": "Moodle stored XSS via calendar's event title when deleting the event",
+ "details": "Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.4.0-beta"
+ },
+ {
+ "fixed": "4.4.1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.3.0-beta"
+ },
+ {
+ "fixed": "4.3.5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.2.0-beta"
+ },
+ {
+ "fixed": "4.2.8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "4.1.11"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38274"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/moodle/moodle"
+ },
+ {
+ "type": "WEB",
+ "url": "https://moodle.org/mod/forum/discuss.php?d=459499"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-06-18T22:45:19Z",
+ "nvd_published_at": "2024-06-18T20:15:13Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/06/GHSA-p7r8-7w87-8g46/GHSA-p7r8-7w87-8g46.json b/advisories/github-reviewed/2024/06/GHSA-p7r8-7w87-8g46/GHSA-p7r8-7w87-8g46.json
new file mode 100644
index 0000000000000..78ef34d355a6d
--- /dev/null
+++ b/advisories/github-reviewed/2024/06/GHSA-p7r8-7w87-8g46/GHSA-p7r8-7w87-8g46.json
@@ -0,0 +1,65 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p7r8-7w87-8g46",
+ "modified": "2024-06-18T22:45:26Z",
+ "published": "2024-06-18T21:30:36Z",
+ "aliases": [
+ "CVE-2024-37821"
+ ],
+ "summary": "Dolibarr arbitrary file upload vulnerability",
+ "details": "An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "dolibarr/dolibarr"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "19.0.2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37821"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/Dolibarr/dolibarr"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-37821.md"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-434"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-06-18T22:45:26Z",
+ "nvd_published_at": "2024-06-18T20:15:13Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2024/06/GHSA-r82w-3phg-qvr4/GHSA-r82w-3phg-qvr4.json b/advisories/github-reviewed/2024/06/GHSA-r82w-3phg-qvr4/GHSA-r82w-3phg-qvr4.json
new file mode 100644
index 0000000000000..0799bd27607f9
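Review bot: The two severity vectors in GHSA-p5cg-6rfr-6mx8.json disagree on privileges required: the CVSS_V3 score carries `PR:N` while the CVSS_V4 score carries `PR:L`. A stored XSS planted through a calendar event title presumably needs an account that can create events, so `PR:L` looks like the intended value, in which case the v3 line would read `"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"`. Whichever value is correct, both vectors should agree, because consumers that read only one CVSS version will otherwise prioritise the same advisory differently. This advisory also lists no fix commit under `references`, unlike the other Moodle advisories added in this change.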
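Review bot: The `"fixed": "19.0.2"` event in GHSA-p7r8-7w87-8g46.json is not supported by any reference in the file: `references` holds the NVD entry, the package URL and a third-party write-up, but no Dolibarr commit, release note or vendor advisory. The bound appears to be derived from the "up to v19.0.1" wording in `details`, which states what was reported as affected rather than where a fix landed. Either add a reference to the fixing commit or release, or, if none can be identified, express the range as `"last_affected": "19.0.1"` so that dependency scanners do not mark 19.0.2 as patched on inference alone.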
--- /dev/null
+++ b/advisories/github-reviewed/2024/06/GHSA-r82w-3phg-qvr4/GHSA-r82w-3phg-qvr4.json
@@ -0,0 +1,138 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-r82w-3phg-qvr4",
+ "modified": "2024-06-18T22:45:45Z",
+ "published": "2024-06-18T21:30:36Z",
+ "aliases": [
+ "CVE-2024-38277"
+ ],
+ "summary": "Moodle uses the same key for QR login and auto-login",
+ "details": "A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.4.0-beta"
+ },
+ {
+ "fixed": "4.4.1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.3.0-beta"
+ },
+ {
+ "fixed": "4.3.5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "4.2.0-beta"
+ },
+ {
+ "fixed": "4.2.8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "moodle/moodle"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "4.1.11"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38277"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/0caedaab7cd5a46331d56654ce9301b0a5a04c56"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/1aea4a15281d81f2414a95aa485b8a6551708f57"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/ad46a97f5355f0451d52e9f1a0f528d9a6f12e06"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moodle/moodle/commit/d05795db8eece2943241a29a5443fb4685ba6070"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/moodle/moodle"
+ },
+ {
+ "type": "WEB",
+ "url": "https://moodle.org/mod/forum/discuss.php?d=459502"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-324"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2024-06-18T22:45:45Z",
+ "nvd_published_at": "2024-06-18T20:15:14Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/06/GHSA-356g-7x36-7m34/GHSA-356g-7x36-7m34.json b/advisories/unreviewed/2024/06/GHSA-356g-7x36-7m34/GHSA-356g-7x36-7m34.json
deleted file mode 100644
index a0244802df90b..0000000000000
--- a/advisories/unreviewed/2024/06/GHSA-356g-7x36-7m34/GHSA-356g-7x36-7m34.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "schema_version": "1.4.0",
- "id": "GHSA-356g-7x36-7m34",
- "modified": "2024-06-18T21:30:36Z",
- "published": "2024-06-18T21:30:36Z",
- "aliases": [
- "CVE-2024-38276"
- ],
- "details": "Incorrect CSRF token checks resulted in multiple CSRF risks.",
- "severity": [
-
- ],
- "affected": [
-
- ],
- "references": [
- {
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38276"
- },
- {
- "type": "WEB",
- "url": "https://moodle.org/mod/forum/discuss.php?d=459501"
- }
- ],
- "database_specific": {
- "cwe_ids": [
- "CWE-352"
- ],
- "severity": null,
- "github_reviewed": false,
- "github_reviewed_at": null,
- "nvd_published_at": "2024-06-18T20:15:14Z"
- }
-}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/06/GHSA-p2cj-86v4-7782/GHSA-p2cj-86v4-7782.json b/advisories/unreviewed/2024/06/GHSA-p2cj-86v4-7782/GHSA-p2cj-86v4-7782.json
deleted file mode 100644
index 335ec5c464f94..0000000000000
--- a/advisories/unreviewed/2024/06/GHSA-p2cj-86v4-7782/GHSA-p2cj-86v4-7782.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "schema_version": "1.4.0",
- "id": "GHSA-p2cj-86v4-7782",
- "modified": "2024-06-18T21:30:36Z",
- "published": "2024-06-18T21:30:36Z",
- "aliases": [
- "CVE-2024-38275"
- ],
- "details": "The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.",
- "severity": [
-
- ],
- "affected": [
-
- ],
- "references": [
- {
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38275"
- },
- {
- "type": "WEB",
- "url": "https://moodle.org/mod/forum/discuss.php?d=459500"
- }
- ],
- "database_specific": {
- "cwe_ids": [
- "CWE-226"
- ],
- "severity": null,
- "github_reviewed": false,
- "github_reviewed_at": null,
- "nvd_published_at": "2024-06-18T20:15:13Z"
- }
-}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/06/GHSA-p5cg-6rfr-6mx8/GHSA-p5cg-6rfr-6mx8.json b/advisories/unreviewed/2024/06/GHSA-p5cg-6rfr-6mx8/GHSA-p5cg-6rfr-6mx8.json
deleted file mode 100644
index deb1de686adf0..0000000000000
--- a/advisories/unreviewed/2024/06/GHSA-p5cg-6rfr-6mx8/GHSA-p5cg-6rfr-6mx8.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "schema_version": "1.4.0",
- "id": "GHSA-p5cg-6rfr-6mx8",
- "modified": "2024-06-18T21:30:36Z",
- "published": "2024-06-18T21:30:36Z",
- "aliases": [
- "CVE-2024-38274"
- ],
- "details": "Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.",
- "severity": [
-
- ],
- "affected": [
-
- ],
- "references": [
- {
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38274"
- },
- {
- "type": "WEB",
- "url": "https://moodle.org/mod/forum/discuss.php?d=459499"
- }
- ],
- "database_specific": {
- "cwe_ids": [
- "CWE-79"
- ],
- "severity": null,
- "github_reviewed": false,
- "github_reviewed_at": null,
- "nvd_published_at": "2024-06-18T20:15:13Z"
- }
-}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/06/GHSA-p7r8-7w87-8g46/GHSA-p7r8-7w87-8g46.json b/advisories/unreviewed/2024/06/GHSA-p7r8-7w87-8g46/GHSA-p7r8-7w87-8g46.json
deleted file mode 100644
index 8665fa34acebf..0000000000000
--- a/advisories/unreviewed/2024/06/GHSA-p7r8-7w87-8g46/GHSA-p7r8-7w87-8g46.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "schema_version": "1.4.0",
- "id": "GHSA-p7r8-7w87-8g46",
- "modified": "2024-06-18T21:30:36Z",
- "published": "2024-06-18T21:30:36Z",
- "aliases": [
- "CVE-2024-37821"
- ],
- "details": "An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.",
- "severity": [
-
- ],
- "affected": [
-
- ],
- "references": [
- {
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37821"
- },
- {
- "type": "WEB",
- "url": "https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-37821.md"
- },
- {
- "type": "WEB",
- "url": "http://dolibarr.com"
- }
- ],
- "database_specific": {
- "cwe_ids": [
-
- ],
- "severity": null,
- "github_reviewed": false,
- "github_reviewed_at": null,
- "nvd_published_at": "2024-06-18T20:15:13Z"
- }
-}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/06/GHSA-r82w-3phg-qvr4/GHSA-r82w-3phg-qvr4.json b/advisories/unreviewed/2024/06/GHSA-r82w-3phg-qvr4/GHSA-r82w-3phg-qvr4.json
deleted file mode 100644
index f645487967204..0000000000000
--- a/advisories/unreviewed/2024/06/GHSA-r82w-3phg-qvr4/GHSA-r82w-3phg-qvr4.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "schema_version": "1.4.0",
- "id": "GHSA-r82w-3phg-qvr4",
- "modified": "2024-06-18T21:30:36Z",
- "published": "2024-06-18T21:30:36Z",
- "aliases": [
- "CVE-2024-38277"
- ],
- "details": "A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.",
- "severity": [
-
- ],
- "affected": [
-
- ],
- "references": [
- {
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38277"
- },
- {
- "type": "WEB",
- "url": "https://moodle.org/mod/forum/discuss.php?d=459502"
- }
- ],
- "database_specific": {
- "cwe_ids": [
- "CWE-324"
- ],
- "severity": null,
- "github_reviewed": false,
- "github_reviewed_at": null,
- "nvd_published_at": "2024-06-18T20:15:14Z"
- }
-}
\ No newline at end of file