Moodle: a management system for educational e-courses
Release cycle, vulnerability information
Release schedule
Count: 2,535

Vulnerability | CVSS | EPSS | Published
---|---|---|---
CVE-2021-32475 ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | CVSS3: 5.4 | 1% Low | more than 3 years ago
CVE-2021-32476 A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | CVSS3: 7.5 | 1% Low | more than 3 years ago
CVE-2021-32472 Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. | CVSS3: 4.3 | 0% Low | more than 3 years ago
CVE-2021-32477 The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. | CVSS3: 4.3 | 0% Low | more than 3 years ago
CVE-2021-32478 The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. | CVSS3: 6.1 | 4% Low | more than 3 years ago
GHSA-6jhm-4vmx-mr76 SQL injection in Moodle | CVSS3: 9.8 | 4% Low | more than 3 years ago
GHSA-m434-m5pv-p35w Insufficient user authorization in Moodle | CVSS3: 3.8 | 0% Low | more than 3 years ago
GHSA-93pj-4p65-qmr9 Insufficient user authorization in Moodle | CVSS3: 4.3 | 0% Low | more than 3 years ago
GHSA-xpfv-89vg-r562 Cross Site Request Forgery in Moodle | CVSS3: 8.8 | 0% Low | more than 3 years ago
CVE-2022-0335 A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk. | CVSS3: 8.8 | 0% Low | more than 3 years ago