Description
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token.
References
- Issue Tracking, Patch, Third Party Advisory
- Patch, Vendor Advisory
- Issue Tracking, Patch, Third Party Advisory
- Patch, Vendor Advisory
Vulnerable configurations
One of
EPSS
3.7 Low
CVSS3
5.3 Medium
CVSS3
4.3 Medium
CVSS2
Defects
Related vulnerabilities
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token.
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3. ...
Moodle Email media URL tokens were not checking for user status