Improper Validation of Specified Type of Input
CVE-2024-43426
Summary
A flaw was found in "pdfTeX" in Moodle. Insufficient sanitizing in the "TeX" notation filter resulted in an arbitrary file read risk on sites where "pdfTeX" is available, such as those with "TeX Live" installed. This issue affects moodle/moodle package versions prior to 4.1.12, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, and 4.4.x prior to 4.4.2.
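A triage check for the version ranges and the pdfTeX precondition stated in the summary above, as an added example that is not part of the advisory or of Moodle's code. It assumes the release string has the form Moodle stores in `version.php` (for example `4.3.5+ (Build: 20240101)`), that a `+` weekly build is treated as its base release, and that `pdftex` is looked up on the PATH of the account running the script; the function names are hypothetical.

```python
import re
import shutil

# First fixed release per branch, taken from the advisory summary.
FIXED = {(4, 1): 12, (4, 2): 9, (4, 3): 6, (4, 4): 2}
OLDEST_FIXED_BRANCH = min(FIXED)


def parse_release(release):
    """Parse a release string such as '4.3.5+ (Build: 20240101)' or '4.4'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(release):
    """True if the release falls inside the ranges listed in the advisory."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Branches older than 4.1 are covered by "prior to 4.1.12";
    # branches newer than 4.4 are outside the listed ranges.
    return branch < OLDEST_FIXED_BRANCH


def triage(release, pdftex_available=None):
    """Combine the version check with the pdfTeX precondition."""
    if pdftex_available is None:
        # Assumption: the web server account sees the same PATH as this script.
        pdftex_available = shutil.which("pdftex") is not None
    affected = is_affected(release)
    return {
        "release": release,
        "affected_version": affected,
        "pdftex_available": pdftex_available,
        "needs_action": affected and pdftex_available,
    }


if __name__ == "__main__":
    # Constructed sample release strings, not taken from any real site.
    for sample in ("4.1.11 (Build: 20240610)", "4.3.5+ (Build: 20240701)",
                   "4.4.2 (Build: 20240812)", "3.11.18"):
        print(triage(sample))
```

A host that reports an affected version without `pdftex` still needs the upgrade; `needs_action` only marks where the precondition named in the summary is met at the time of the check.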
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-1287 - Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.