Home > Vulnerability Database > CVE-2019-1000017

Mend.io Vulnerability Database

CVE-2019-1000017

Date: February 4, 2019

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.

Language: PHP

Severity Score

6.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-1000017

Url: https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-34-2019-01-14-Moderate-risk-moderate-impact-XSS-and-unauthorized-access

Url: https://github.com/chamilo/chamilo-lms/commit/33e2692a37b5b6340cf5bec1a84e541460983c03

Url: https://www.mend.io/vulnerability-database/CVE-2019-1000017

Severity Score

6.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-1000017

Date: February 4, 2019

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?