CVE-2019-14827 - OpenCVE

A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates. This affects versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moodle	Moodle

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

No data.

References

Link	Providers
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62284
https://moodle.org/mod/forum/discuss.php?d=391030

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-05-17T15:37:26

Updated: 2024-08-05T00:26:39.120Z

Reserved: 2019-08-10T00:00:00

Link: CVE-2019-14827

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-17T16:15:07.510

Modified: 2021-06-01T20:01:50.247

Link: CVE-2019-14827

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Moodle", "vendor": "n/a", "versions": [{"status": "affected", "version": "3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates. This affects versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-17T15:37:26", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://moodle.org/mod/forum/discuss.php?d=391030"}, {"tags": ["x_refsource_MISC"], "url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62284"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-14827", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Moodle", "version": {"version_data": [{"version_value": "3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates. This affects versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-94"}]}]}, "references": {"reference_data": [{"name": "https://moodle.org/mod/forum/discuss.php?d=391030", "refsource": "MISC", "url": "https://moodle.org/mod/forum/discuss.php?d=391030"}, {"name": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62284", "refsource": "MISC", "url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62284"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:26:39.120Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://moodle.org/mod/forum/discuss.php?d=391030"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62284"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-14827", "datePublished": "2021-05-17T15:37:26", "dateReserved": "2019-08-10T00:00:00", "dateUpdated": "2024-08-05T00:26:39.120Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D443C9B-4E6C-4DFC-BC79-249FE71A44CB", "versionEndIncluding": "3.5.7", "versionStartIncluding": "3.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "850D661D-990A-4A27-864B-1F52DD5F94D8", "versionEndIncluding": "3.6.5", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2879DC1-468C-4692-9D43-23DAFB088145", "versionEndIncluding": "3.7.1", "versionStartIncluding": "3.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates. This affects versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Moodle donde la inyecci\u00f3n de javaScript era posible en algunas plantillas de Moustache por medio de la representaci\u00f3n recursiva desde contextos. Las etiquetas de ayuda de Moustache que son incluidos en contextos de plantilla no se escaparon versiones anteriores a que ese contexto se inyectara en otro ayudante de Moustache, lo que podr\u00eda resultar en una inyecci\u00f3n de un script en algunas plantillas. Esto afecta a versiones 3.7 hasta 3.7.1, versiones 3.6 hasta 3.6.5, versiones 3.5 hasta 3.5.7 y versiones anteriores no compatibles"}], "id": "CVE-2019-14827", "lastModified": "2021-06-01T20:01:50.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-17T16:15:07.510", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62284"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=391030"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "secalert@redhat.com", "type": "Primary"}]}