CVE-2018-1082

{"id": "CVE-2018-1082", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2018-04-04T21:29:00.290", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/103725", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=367939", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site."}, {"lang": "es", "value": "Se ha encontrado un error en Moodle 3.4 a 3.4.1 y 3.3 a 3.3.4. Si una cuenta de usuario que emplea el m\u00e9todo de autenticaci\u00f3n OAuth2 se confirm\u00f3 una vez, pero se suspendi\u00f3 despu\u00e9s, el usuario podr\u00eda seguir siendo capaz de iniciar sesi\u00f3n en el sitio."}], "lastModified": "2019-10-09T23:38:04.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA13AD24-03DF-41C9-9704-6A99BD4F8E6F", "versionEndIncluding": "3.3.4", "versionStartIncluding": "3.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC5A1734-A655-46D2-B320-F3DF8AA822B6", "versionEndIncluding": "3.4.1", "versionStartIncluding": "3.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}