Moodle: a management system for educational e-learning courses
Release cycle, vulnerability information
Release schedule
Count: 2,577
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-ghqg-3wq5-437q Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. | | 0% Low | more than 3 years ago |
| GHSA-mmvj-j7hq-rx85 Moodle sensitive information disclosure | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-h2rg-p9qr-pqcr course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request. | | 0% Low | more than 3 years ago |
| GHSA-w2pj-r8m3-r4jc Moodle Information Disclosure | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-m2f7-57gp-v34q Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request. | | 0% Low | more than 3 years ago |
| GHSA-j6c3-3c4w-qv8p Moodle cross-site scripting (XSS) vulnerabilities | | 0% Low | more than 3 years ago |
| GHSA-2jcw-r79x-4r5v Moodle does not set the RISK_XSS bit for graders | | 0% Low | more than 3 years ago |
| GHSA-c2r4-f8qv-2v7v Moodle allows attackers to read SCORM contents | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-m7cc-6vhg-39wr Moodle improper access control | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-qqvp-r28f-c3cv lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. | | 0% Low | more than 3 years ago |