Base Score

MEDIUM6.3

CVE-2017-7489

In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateMay 15, 2017, 14:29

Affected Versions(4)

moodle/moodle(Packagist)

Introduced3.2

Fixed3.2.3

LimitN/A

moodle/moodle(Packagist)

Introduced3.1

Fixed3.1.6

LimitN/A

moodle/moodle(Packagist)

Introduced3.0

Fixed3.0.10

LimitN/A

moodle/moodle(Packagist)

Introduced2.7

Fixed2.7.20

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
moodle/moodle(Packagist)	3.2	3.2.3	N/A
moodle/moodle(Packagist)	3.1	3.1.6	N/A
moodle/moodle(Packagist)	3.0	3.0.10	N/A
moodle/moodle(Packagist)	2.7	2.7.20	N/A

Weakness Type (CWE):CWE-269

CVSS Metrics

Base Score

6.3

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW

References

https://moodle.org/mod/forum/discuss.php?d=352353

Base Score

MEDIUM6.3

Weakness Type (CWE):CWE-269

CVSS Metrics

Base Score

6.3

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW