Publish Advisories

GHSA-cr78-rphw-w73p GHSA-cr78-rphw-w73p
2023-12-29 21:02:04 +00:00 · 2023-12-29 21:02:04 +00:00 · 42726f75bb
--- a/advisories/github-reviewed/2022/05/GHSA-cr78-rphw-w73p/GHSA-cr78-rphw-w73p.json
+++ b/advisories/github-reviewed/2022/05/GHSA-cr78-rphw-w73p/GHSA-cr78-rphw-w73p.json
@ -0,0 +1,143 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cr78-rphw-w73p",
+  "modified": "2023-12-29T21:00:53Z",
+  "published": "2022-05-13T01:12:55Z",
+  "aliases": [
+    "CVE-2012-6099"
+  ],
+  "summary": "Moodle Arbitrary File Read via Backup Functionality",
+  "details": "The moodle1 backup converter in `backup/converter/moodle1/lib.php` in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.",
+  "severity": [
+
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "moodle/moodle"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.4"
+            },
+            {
+              "fixed": "2.4.1"
+            }
+          ]
+        }
+      ],
+      "versions": [
+        "2.4"
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "moodle/moodle"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.3"
+            },
+            {
+              "fixed": "2.3.4"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2.3.3"
+      }
+    },
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "moodle/moodle"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.2"
+            },
+            {
+              "fixed": "2.2.7"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2.2.6"
+      }
+    },
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "moodle/moodle"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.1"
+            },
+            {
+              "fixed": "2.1.10"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 2.1.9"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6099"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/moodle/moodle"
+    },
+    {
+      "type": "WEB",
+      "url": "https://moodle.org/mod/forum/discuss.php?d=220160"
+    },
+    {
+      "type": "WEB",
+      "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977"
+    },
+    {
+      "type": "WEB",
+      "url": "http://openwall.com/lists/oss-security/2013/01/21/1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2023-12-29T21:00:53Z",
+    "nvd_published_at": "2013-01-27T22:55:00Z"
+  }
+}
--- a/advisories/unreviewed/2022/05/GHSA-cr78-rphw-w73p/GHSA-cr78-rphw-w73p.json
+++ b/advisories/unreviewed/2022/05/GHSA-cr78-rphw-w73p/GHSA-cr78-rphw-w73p.json
@ -1,43 +0,0 @@
-{
-  "schema_version": "1.4.0",
-  "id": "GHSA-cr78-rphw-w73p",
-  "modified": "2022-05-13T01:12:55Z",
-  "published": "2022-05-13T01:12:55Z",
-  "aliases": [
-    "CVE-2012-6099"
-  ],
-  "details": "The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.",
-  "severity": [
-
-  ],
-  "affected": [
-
-  ],
-  "references": [
-    {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6099"
-    },
-    {
-      "type": "WEB",
-      "url": "https://moodle.org/mod/forum/discuss.php?d=220160"
-    },
-    {
-      "type": "WEB",
-      "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977"
-    },
-    {
-      "type": "WEB",
-      "url": "http://openwall.com/lists/oss-security/2013/01/21/1"
-    }
-  ],
-  "database_specific": {
-    "cwe_ids": [
-      "CWE-20"
-    ],
-    "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
-    "nvd_published_at": "2013-01-27T22:55:00Z"
-  }
-}