Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
GHSA-cp8m-h777-g4p3
Improper Access Control in moodle
GHSA-9r26-5w88-qhp9
Authorization Bypass in moodle
GHSA-6vjf-48fh-vxxj
Improper Handling of Parameters in moodle
CVE-2024-25983
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
CVE-2024-25983
Insufficient checks in a web service made it possible to add comments ...
CVE-2024-25982
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.
CVE-2024-25982
The link to update all installed language packs did not include the ne ...
CVE-2024-25981
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
CVE-2024-25981
Separate Groups mode restrictions were not honored when performing a f ...
CVE-2024-25980
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-cp8m-h777-g4p3 Improper Access Control in moodle | CVSS3: 5.3 | 0% Низкий | почти 2 года назад |
| GHSA-9r26-5w88-qhp9 Authorization Bypass in moodle | CVSS3: 5.3 | 0% Низкий | почти 2 года назад |
| GHSA-6vjf-48fh-vxxj Improper Handling of Parameters in moodle | CVSS3: 5.3 | 0% Низкий | почти 2 года назад |
 | CVE-2024-25983 Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). | CVSS3: 3.5 | 0% Низкий | почти 2 года назад |
| CVE-2024-25983 Insufficient checks in a web service made it possible to add comments ... | CVSS3: 3.5 | 0% Низкий | почти 2 года назад |
| CVE-2024-25982 The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
| CVE-2024-25982 The link to update all installed language packs did not include the ne ... | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
| CVE-2024-25981 Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
| CVE-2024-25981 Separate Groups mode restrictions were not honored when performing a f ... | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
| CVE-2024-25980 Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу