Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for IcProgreso plugin by Innovación y Cualificación

    CVE-2025-2201 (GCVE-0-2025-2201)

    Vulnerability from nvd – Published: 2025-03-17 10:13 – Updated: 2025-03-17 12:18
    VLAI
    Title
    Broken access control vulnerability in the Innovación y Cualificación IcProgreso plugin
    Summary
    Broken access control vulnerability in the IcProgress Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Date Public
    2025-03-11 11:00
    Credits
    Julen Garrido Estevez
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2201",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-17T12:16:17.349917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T12:18:11.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IcProgreso plugin",
              "vendor": "Innovaci\u00f3n y Cualificaci\u00f3n",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Julen Garrido Estevez"
            }
          ],
          "datePublic": "2025-03-11T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Broken access control vulnerability in the IcProgress Innovaci\u00f3n y Cualificaci\u00f3n plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more."
                }
              ],
              "value": "Broken access control vulnerability in the IcProgress Innovaci\u00f3n y Cualificaci\u00f3n plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-17T10:15:07.196Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-moodle-innovacion-y-cualificacion-plugins"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Innovaci\u00f3n y Cualificaci\u00f3n has released a new version that fixes the vulnerabilities detected in the affected plugins. It has been implemented in all installations of the affected software, and the process will be completed in December 2024."
                }
              ],
              "value": "Innovaci\u00f3n y Cualificaci\u00f3n has released a new version that fixes the vulnerabilities detected in the affected plugins. It has been implemented in all installations of the affected software, and the process will be completed in December 2024."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Broken access control vulnerability in the Innovaci\u00f3n y Cualificaci\u00f3n IcProgreso plugin",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2025-2201",
        "datePublished": "2025-03-17T10:13:48.361Z",
        "dateReserved": "2025-03-11T09:52:09.599Z",
        "dateUpdated": "2025-03-17T12:18:11.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2201 (GCVE-0-2025-2201)

    Vulnerability from cvelistv5 – Published: 2025-03-17 10:13 – Updated: 2025-03-17 12:18
    VLAI
    Title
    Broken access control vulnerability in the Innovación y Cualificación IcProgreso plugin
    Summary
    Broken access control vulnerability in the IcProgress Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Date Public
    2025-03-11 11:00
    Credits
    Julen Garrido Estevez
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2201",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-17T12:16:17.349917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T12:18:11.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IcProgreso plugin",
              "vendor": "Innovaci\u00f3n y Cualificaci\u00f3n",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Julen Garrido Estevez"
            }
          ],
          "datePublic": "2025-03-11T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Broken access control vulnerability in the IcProgress Innovaci\u00f3n y Cualificaci\u00f3n plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more."
                }
              ],
              "value": "Broken access control vulnerability in the IcProgress Innovaci\u00f3n y Cualificaci\u00f3n plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-17T10:15:07.196Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-moodle-innovacion-y-cualificacion-plugins"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Innovaci\u00f3n y Cualificaci\u00f3n has released a new version that fixes the vulnerabilities detected in the affected plugins. It has been implemented in all installations of the affected software, and the process will be completed in December 2024."
                }
              ],
              "value": "Innovaci\u00f3n y Cualificaci\u00f3n has released a new version that fixes the vulnerabilities detected in the affected plugins. It has been implemented in all installations of the affected software, and the process will be completed in December 2024."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Broken access control vulnerability in the Innovaci\u00f3n y Cualificaci\u00f3n IcProgreso plugin",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2025-2201",
        "datePublished": "2025-03-17T10:13:48.361Z",
        "dateReserved": "2025-03-11T09:52:09.599Z",
        "dateUpdated": "2025-03-17T12:18:11.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }