{"id":"CVE-2017-7490","details":"In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.","aliases":["GHSA-9x63-m3cc-qf3g"],"modified":"2026-03-14T09:29:12.848863Z","published":"2017-05-15T14:29:00.293Z","references":[{"type":"FIX","url":"https://moodle.org/mod/forum/discuss.php?d=352354"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moodle/moodle","events":[{"introduced":"0"},{"last_affected":"c1ed2546431985262aefc4a39f9dec43e12426d3"},{"introduced":"0"},{"last_affected":"069fe267b611d0025d232bf66706a44ffccc737c"},{"introduced":"0"},{"last_affected":"04011431939939f74119504a6db2423848ddfa6f"},{"introduced":"0"},{"last_affected":"2fe085b2841f80f408050e0bb579d3cb21deae3b"},{"introduced":"0"},{"last_affected":"8b3d19c2f52bcfc6b5df4cdd376948d4fac975fa"},{"introduced":"0"},{"last_affected":"31059fd6534655d0eb55a5a455f7b885ec53e0e2"},{"introduced":"0"},{"last_affected":"803ddf9af38c632eb58d1c7ea4b2611e873e6325"},{"introduced":"0"},{"last_affected":"6926971a0f203a4f5d3bed9f20ad43451f33690c"},{"introduced":"0"},{"last_affected":"f25f4caffdece4aabb65b3fb2b2864f4318602ec"},{"introduced":"0"},{"last_affected":"8533cba2ae9d000a5e98742d9d66f07d934754aa"},{"introduced":"0"},{"last_affected":"fad0937a8211e761f6f71d9c585bc4390bc1f0b3"},{"introduced":"0"},{"last_affected":"12e29080e14d82441e10bcd91a6067508e5c4dfa"},{"introduced":"0"},{"last_affected":"fa54db9c03de0fca90d717aed5e05814470983ca"},{"introduced":"0"},{"last_affected":"c92478291f347788fe4b932b121356cf535e26c8"},{"introduced":"0"},{"last_affected":"059c03d494fc8407644adaa5625ba2d86955861e"},{"introduced":"0"},{"last_affected":"3f85661e188670bd8c9c2f99bc02676bda2a5cae"},{"introduced":"0"},{"last_affected":"e7acb5cfca484e197f7b6740c173302c684bd0eb"},{"introduced":"0"},{"last_affected":"fb8bd4eefe89b92a429a29c593d8530c71694210"},{"introduced":"0"},{"last_affected":"6480b0c1ea31beed1813e4c11e37efcae8659838"},{"introduced":"0"},{"last_affected":"1f04e7c6854a0c88cf09442d6c50e558e0157478"},{"introduced":"0"},{"last_affected":"413f97352819acad68d9aadd7e13c2db74593fee"},{"introduced":"0"},{"last_affected":"d6cf0e56d1858629065fb2515e378e4bfde2f92e"},{"introduced":"0"},{"last_affected":"6114fab93b414fcfa107d5a8fa2b35bc99d3464e"},{"introduced":"0"},{"last_affected":"9382ac38d60bee1226e3ba13906770552bea6012"},{"introduced":"0"},{"last_affected":"4cef723c228d3f0e4848551df9b27464853f27c5"},{"introduced":"0"},{"last_affected":"1533fca4b5c398597dc22ee8421b11754b21dc19"},{"introduced":"0"},{"last_affected":"bcf2ea710cdae055fddbecd0618087e071c0559a"},{"introduced":"0"},{"last_affected":"20949f47fea1835a9a86a26809c8f9817def893f"},{"introduced":"0"},{"last_affected":"62e799ac84232c065790c8cab0f841e43ae038e0"},{"introduced":"0"},{"last_affected":"5d35d7b8843f5f4571dd0b10ad1490cd524e67da"},{"introduced":"0"},{"last_affected":"97dd32edd69cd9d034b56b1f2c3ffe2f2e0832e9"},{"introduced":"0"},{"last_affected":"d97b3d4c81e89e7495478e40a5ff25a22d6e7a5f"},{"introduced":"0"},{"last_affected":"0324fefaf6bccbb3443070af41d0f34ac3ed81ee"},{"introduced":"0"},{"last_affected":"b022c2cd1c5e183659739c9e5bc1b4542c6967de"},{"introduced":"0"},{"last_affected":"ca86a178c813653e07b7b918b6f1e61d1ed62555"},{"introduced":"0"},{"last_affected":"25c75f9b9939bdeb96fd8467b48dc6b6909bbc89"},{"introduced":"0"},{"last_affected":"268abfacc54c4cbf9722c1502569b311c7caefff"},{"introduced":"0"},{"last_affected":"fc1ef59fbed351ec3de68be4eeec0f3a6cbfe210"},{"introduced":"0"},{"last_affected":"33892edf189f5e2c9041c67119e1fd5fbe540635"},{"introduced":"0"},{"last_affected":"30c8ed5c16547cffcd1345c3a288f63263d40fdc"},{"introduced":"0"},{"last_affected":"47806ea17e5e9728927b354e474e48d14ea8f4f4"},{"introduced":"0"},{"last_affected":"f851201f58662264ad7864dbbf8e2240ce7bf84a"},{"introduced":"0"},{"last_affected":"de572fbf032777e89196b42148e44f83e0fd4d78"},{"introduced":"0"},{"last_affected":"edab0782a354995c60ff2c7874031addb155a49c"},{"introduced":"0"},{"last_affected":"b182239f21c38ea57cddb41b0c03ef3eb02709f8"},{"introduced":"0"},{"last_affected":"258d07d37ef719d0f1842f2a74113fd64e1ead40"},{"introduced":"0"},{"last_affected":"cd4a6b8b0bca159d3abb1468794ed5a074c5b701"},{"introduced":"0"},{"last_affected":"0fbe41f4cda13cb2a205aaa4eaeeec45e595e3b6"},{"introduced":"0"},{"last_affected":"3eabedbb9284e5b39500220e4f7b1e29420ebf2b"},{"introduced":"0"},{"last_affected":"a0352aa95e292813d787aa8ea599ddc739d6c991"},{"introduced":"0"},{"last_affected":"1b00e27281b459d27bbd9dc70099a292709ffb54"},{"introduced":"0"},{"last_affected":"07f6358b03027633f1c8e8b14cc03d771f4e7462"},{"introduced":"0"},{"last_affected":"70fa678586c32a4710c62a59f71d63e02bd9e500"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.7.0"},{"introduced":"0"},{"last_affected":"2.7.0-beta"},{"introduced":"0"},{"last_affected":"2.7.0-rc1"},{"introduced":"0"},{"last_affected":"2.7.0-rc2"},{"introduced":"0"},{"last_affected":"2.7.1"},{"introduced":"0"},{"last_affected":"2.7.2"},{"introduced":"0"},{"last_affected":"2.7.3"},{"introduced":"0"},{"last_affected":"2.7.4"},{"introduced":"0"},{"last_affected":"2.7.5"},{"introduced":"0"},{"last_affected":"2.7.6"},{"introduced":"0"},{"last_affected":"2.7.7"},{"introduced":"0"},{"last_affected":"2.7.8"},{"introduced":"0"},{"last_affected":"2.7.9"},{"introduced":"0"},{"last_affected":"2.7.10"},{"introduced":"0"},{"last_affected":"2.7.11"},{"introduced":"0"},{"last_affected":"2.7.12"},{"introduced":"0"},{"last_affected":"2.7.13"},{"introduced":"0"},{"last_affected":"2.7.14"},{"introduced":"0"},{"last_affected":"2.7.15"},{"introduced":"0"},{"last_affected":"2.7.16"},{"introduced":"0"},{"last_affected":"2.7.17"},{"introduced":"0"},{"last_affected":"2.7.18"},{"introduced":"0"},{"last_affected":"3.0.0"},{"introduced":"0"},{"last_affected":"3.0.0-beta"},{"introduced":"0"},{"last_affected":"3.0.0-rc1"},{"introduced":"0"},{"last_affected":"3.0.0-rc2"},{"introduced":"0"},{"last_affected":"3.0.0-rc3"},{"introduced":"0"},{"last_affected":"3.0.0-rc4"},{"introduced":"0"},{"last_affected":"3.0.1"},{"introduced":"0"},{"last_affected":"3.0.2"},{"introduced":"0"},{"last_affected":"3.0.3"},{"introduced":"0"},{"last_affected":"3.0.4"},{"introduced":"0"},{"last_affected":"3.0.5"},{"introduced":"0"},{"last_affected":"3.0.6"},{"introduced":"0"},{"last_affected":"3.0.7"},{"introduced":"0"},{"last_affected":"3.0.8"},{"introduced":"0"},{"last_affected":"3.1.0"},{"introduced":"0"},{"last_affected":"3.1.0-beta"},{"introduced":"0"},{"last_affected":"3.1.0-rc1"},{"introduced":"0"},{"last_affected":"3.1.0-rc2"},{"introduced":"0"},{"last_affected":"3.1.1"},{"introduced":"0"},{"last_affected":"3.1.2"},{"introduced":"0"},{"last_affected":"3.1.3"},{"introduced":"0"},{"last_affected":"3.1.4"},{"introduced":"0"},{"last_affected":"3.2.0"},{"introduced":"0"},{"last_affected":"3.2.0-beta"},{"introduced":"0"},{"last_affected":"3.2.0-rc1"},{"introduced":"0"},{"last_affected":"3.2.0-rc2"},{"introduced":"0"},{"last_affected":"3.2.0-rc3"},{"introduced":"0"},{"last_affected":"3.2.0-rc4"},{"introduced":"0"},{"last_affected":"3.2.0-rc5"},{"introduced":"0"},{"last_affected":"3.2.1"},{"introduced":"0"},{"last_affected":"3.2.2"}]}}],"versions":["v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9","v1.1.0","v1.1.1","v1.2.0","v1.2.1","v1.3.0","v2.0.0","v2.0.0-rc1","v2.0.0-rc2","v2.0.1","v2.0.2","v2.1.0","v2.2.0","v2.2.0-beta","v2.2.0-rc1","v2.3.0","v2.3.0-beta","v2.3.0-rc1","v2.4.0","v2.4.0-beta","v2.4.0-rc1","v2.5.0","v2.5.0-beta","v2.5.0-rc1","v2.6.0","v2.6.0-beta","v2.6.0-rc1","v2.7.0","v2.7.0-beta","v2.7.0-rc1","v2.7.0-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7490.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}