The vulnerability stems directly from the `generate_password` function's use of an inadequate wordlist, as evidenced by:

1. The CVE description explicitly names this function.
2. The patch modifies `lib/wordlist.txt` to expand from 35 to 183 animal names.
3. The commit message MDL-47050 references password generation security.
4. CWE-1391 (Weak Credentials) maps to low password space entropy.

While the exact implementation isn't shown, Moodle's architecture places core password utilities in `moodlelib.php`.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 2.7.0, <= 2.7.2 | 2.7.3 |
| moodle/moodle | composer | >= 2.6.0, <= 2.6.5 | 2.6.6 |
| moodle/moodle | composer | >= 2.5.0, <= 2.5.8 | 2.5.9 |