{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-43426","assignerOrgId":"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5","state":"PUBLISHED","assignerShortName":"fedora","dateReserved":"2024-08-13T07:15:00.597Z","datePublished":"2024-11-07T13:22:42.839Z","dateUpdated":"2025-02-10T22:27:06.037Z"},"containers":{"cna":{"title":"Moodle: arbitrary file read risk through pdftex","metrics":[{"other":{"content":{"value":"Important","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in Moodle's use of pdfTeX. Insufficient sanitizing in Moodle's TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed."}],"affected":[{"versions":[{"status":"affected","version":"0","lessThan":"4.1.12","versionType":"semver"},{"status":"affected","version":"4.2","lessThan":"4.2.9","versionType":"semver"},{"status":"affected","version":"4.3","lessThan":"4.3.6","versionType":"semver"},{"status":"affected","version":"4.4","lessThan":"4.4.2","versionType":"semver"}],"packageName":"moodle","collectionURL":"https://github.com/moodle/moodle","defaultStatus":"unaffected"}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2304254","name":"RHBZ#2304254","tags":["issue-tracking","x_refsource_REDHAT"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=461194"}],"datePublic":"2024-08-19T04:00:00.000Z","timeline":[{"lang":"en","time":"2024-08-12T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2024-08-19T04:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5","shortName":"fedora","dateUpdated":"2024-11-07T13:22:42.839Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1287","lang":"en","description":"CWE-1287 Improper Validation of Specified Type of Input"}]}],"affected":[{"vendor":"moodle","product":"moodle","cpes":["cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"4.1.12","versionType":"semver"},{"version":"4.2","status":"affected","lessThan":"4.2.9","versionType":"semver"},{"version":"4.3","status":"affected","lessThan":"4.3.6","versionType":"semver"},{"version":"4.4","status":"affected","lessThan":"4.4.2","versionType":"semver"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-07T14:41:10.596625Z","id":"CVE-2024-43426","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-10T22:27:06.037Z"}}]}}