First published: Mon Feb 04 2019
Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in the Tickets component that can result in an authenticated user being able to read all tickets available on the platform, due to a lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Chamilo Chamilo Lms | <=1.11.8 | |
CVE-2019-1000017 is an Incorrect Access Control vulnerability in Chamilo-lms version 1.11.8 and earlier.
CVE-2019-1000017 has a severity rating of medium (6.5).
An attacker can exploit CVE-2019-1000017 by using an authenticated user account to read all tickets available on the platform.
Yes, a fix is available for CVE-2019-1000017. Users should update to a version later than 1.11.8.
You can find more information about CVE-2019-1000017 in the references section of the vulnerability description.