Описание
Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
Пакеты
moodle/moodle
< 4.1.18
4.1.18
moodle/moodle
>= 4.3.0-beta, < 4.3.12
4.3.12
moodle/moodle
>= 4.4.0-beta, < 4.4.8
4.4.8
moodle/moodle
>= 4.5.0-beta, < 4.5.4
4.5.4
Связанные уязвимости
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
A flaw was found in Moodle. Insufficient capability checks made it pos ...
Уязвимость виртуальной обучающей среды Moodle, связанная с обходом авторизации посредством ключа, контролируемого пользователем, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к защищаемой информации
