CVE-2019-14880
4.8
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | moodle | 3.7 before 3.7.3 | affected |
| [UNKNOWN] | moodle | 3.6 before 3.6.7 | affected |
| [UNKNOWN] | moodle | 3.5 before 3.5.9 | affected |
| [UNKNOWN] | moodle | 3.5 and earlier | affected |
Weaknesses
- CWE-287: CWE-287
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.