Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 535
GHSA-487g-3m3v-hjhq
Uncontrolled Resource Consumption in moodle
GHSA-cp8m-h777-g4p3
Improper Access Control in moodle
CVE-2024-25983
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
CVE-2024-25983
Insufficient checks in a web service made it possible to add comments ...
CVE-2024-25982
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.
CVE-2024-25982
The link to update all installed language packs did not include the ne ...
CVE-2024-25981
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
CVE-2024-25981
Separate Groups mode restrictions were not honored when performing a f ...
CVE-2024-25980
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
CVE-2024-25980
Separate Groups mode restrictions were not honored in the H5P attempts ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-487g-3m3v-hjhq Uncontrolled Resource Consumption in moodle | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| GHSA-cp8m-h777-g4p3 Improper Access Control in moodle | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | CVE-2024-25983 Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). | CVSS3: 3.5 | 0% Низкий | больше 1 года назад |
| CVE-2024-25983 Insufficient checks in a web service made it possible to add comments ... | CVSS3: 3.5 | 0% Низкий | больше 1 года назад |
| CVE-2024-25982 The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-25982 The link to update all installed language packs did not include the ne ... | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-25981 Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-25981 Separate Groups mode restrictions were not honored when performing a f ... | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-25980 Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-25980 Separate Groups mode restrictions were not honored in the H5P attempts ... | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу