Moodle: a system for managing online educational courses
Release cycle, vulnerability information
Release schedule
Count: 2 541
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-6xpm-q8x9-j3rw Moodle allows attackers to bypass intended access restrictions | CVSS3: 4.3 | 0% Low | more than 3 years ago
GHSA-2vhr-4mhq-m35c Moodle does not properly restrict access | | 0% Low | more than 3 years ago
GHSA-j6c3-3c4w-qv8p Moodle cross-site scripting (XSS) vulnerabilities | | 0% Low | more than 3 years ago
GHSA-c2r4-f8qv-2v7v Moodle allows attackers to read SCORM contents | CVSS3: 4.3 | 0% Low | more than 3 years ago
GHSA-m2f7-57gp-v34q Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request. | | 0% Low | more than 3 years ago
GHSA-qqvp-r28f-c3cv lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. | | 0% Low | more than 3 years ago
GHSA-mmvj-j7hq-rx85 Moodle sensitive information disclosure | CVSS3: 4.3 | 0% Low | more than 3 years ago
GHSA-2jcw-r79x-4r5v Moodle does not set the RISK_XSS bit for graders | | 0% Low | more than 3 years ago
GHSA-g4wf-f588-7xc7 mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization. | CVSS3: 4.3 | 0% Low | more than 3 years ago
GHSA-m7cc-6vhg-39wr Moodle improper access control | CVSS3: 4.3 | 0% Low | more than 3 years ago