Описание
Moodle allows IDOR in RSS block, which allows access to additional RSS feeds
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-3636
- https://github.com/moodle/moodle/commit/0bd97209ac5e217dbec236c73e4f6fdcaee1c737
- https://access.redhat.com/security/cve/CVE-2025-3636
- https://bugzilla.redhat.com/show_bug.cgi?id=2359726
- https://moodle.org/mod/forum/discuss.php?d=467598
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84499
Пакеты
moodle/moodle
< 4.1.18
4.1.18
moodle/moodle
>= 4.3.0-beta, < 4.3.12
4.3.12
moodle/moodle
>= 4.4.0-beta, < 4.4.8
4.4.8
moodle/moodle
>= 4.5.0-beta, < 4.5.4
4.5.4
Связанные уязвимости
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
A flaw was found in Moodle. This vulnerability allows unauthorized use ...
Уязвимость компонента RSS Block виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
