Описание
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
Ссылки
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.4.8 (исключая)Версия от 3.5.0 (включая) до 3.5.5 (исключая)Версия от 3.6.0 (включая) до 3.6.3 (исключая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00374
Низкий
6.3 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-285
CWE-269
Связанные уязвимости
CVSS3: 8.8
ubuntu
около 6 лет назад
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
CVSS3: 8.8
debian
около 6 лет назад
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3 ...
CVSS3: 8.8
github
около 3 лет назад
Moodle Users could elevate their role when accessing the LTI tool on a provider site
EPSS
Процентиль: 58%
0.00374
Низкий
6.3 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-285
CWE-269