Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
CVE-2024-43429
A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information.
CVE-2024-43435
A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.
CVE-2024-43430
A flaw was found in moodle. External API access to Quiz can override contained insufficient access control.
CVE-2024-43437
A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.
CVE-2024-43432
A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
CVE-2024-43433
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.
GHSA-v6f4-v8h8-3c87
Moodle Remote Code Execution vulnerability
GHSA-2r9m-wg35-rfvc
Moodle vulnerable to cache poisoning via injection into storage
GHSA-p9cx-f595-h79h
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
GHSA-qrqv-26gf-xgwh
Moodle LFI vulnerability when restoring malformed block backups
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2024-43429 A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information. | CVSS3: 5.3 | 0% Низкий | около 1 года назад |
| CVE-2024-43435 A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary. | CVSS3: 5.3 | 1% Низкий | около 1 года назад |
| CVE-2024-43430 A flaw was found in moodle. External API access to Quiz can override contained insufficient access control. | CVSS3: 5.3 | 0% Низкий | около 1 года назад |
| CVE-2024-43437 A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files. | CVSS3: 5.4 | 1% Низкий | около 1 года назад |
| CVE-2024-43432 A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. | CVSS3: 5.3 | 0% Низкий | около 1 года назад |
| CVE-2024-43433 A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users. | CVSS3: 5.3 | 0% Низкий | около 1 года назад |
| GHSA-v6f4-v8h8-3c87 Moodle Remote Code Execution vulnerability | CVSS3: 8.1 | 89% Высокий | около 1 года назад |
| GHSA-2r9m-wg35-rfvc Moodle vulnerable to cache poisoning via injection into storage | CVSS3: 7.7 | 0% Низкий | около 1 года назад |
| GHSA-p9cx-f595-h79h Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
| GHSA-qrqv-26gf-xgwh Moodle LFI vulnerability when restoring malformed block backups | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу