Moodle: a system for managing electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,647
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-mmvj-j7hq-rx85 Moodle sensitive information disclosure | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-w2pj-r8m3-r4jc Moodle Information Disclosure | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-m7cc-6vhg-39wr Moodle improper access control | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-qqvp-r28f-c3cv lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. | | 0% Low | more than 3 years ago |
| GHSA-c2r4-f8qv-2v7v Moodle allows attackers to read SCORM contents | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-ghqg-3wq5-437q Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. | | 0% Low | more than 3 years ago |
| GHSA-xfgq-37vh-892j Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature. | CVSS3: 6.8 | 1% Low | more than 3 years ago |
| GHSA-2jcw-r79x-4r5v Moodle does not set the RISK_XSS bit for graders | | 0% Low | more than 3 years ago |
| GHSA-m2f7-57gp-v34q Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request. | | 0% Low | more than 3 years ago |
| GHSA-2hw6-6rgf-726v Moodle XSS Vulnerability | CVSS3: 6.1 | 0% Low | more than 3 years ago |