Описание
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.5.0 (включая) до 3.5.8 (включая)Версия от 3.6.0 (включая) до 3.6.6 (включая)Версия от 3.7.0 (включая) до 3.7.2 (включая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00205
Низкий
4.2 Medium
CVSS3
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-264
CWE-273
Связанные уязвимости
CVSS3: 5.4
ubuntu
больше 5 лет назад
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).
CVSS3: 5.4
debian
больше 5 лет назад
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x ...
CVSS3: 5.4
github
около 3 лет назад
Moodle does not revoke role capabilities correctly
EPSS
Процентиль: 43%
0.00205
Низкий
4.2 Medium
CVSS3
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-264
CWE-273