Описание
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
Ссылки
- Issue TrackingThird Party Advisory
- PatchVendor Advisory
- Issue TrackingThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.8.9 (включая)Версия от 3.9.0 (включая) до 3.9.11 (включая)Версия от 3.10.0 (включая) до 3.10.9 (исключая)Версия от 3.11.0 (включая) до 3.11.5 (исключая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00148
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863
CWE-668
Связанные уязвимости
CVSS3: 4.3
ubuntu
почти 4 года назад
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
CVSS3: 4.3
debian
почти 4 года назад
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...
EPSS
Процентиль: 30%
0.00148
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863
CWE-668