CVE-2019-3849
6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | moodle | 3.6.3 | affected |
| [UNKNOWN] | moodle | 3.5.5 | affected |
| [UNKNOWN] | moodle | 3.4.8 | affected |
Weaknesses
- CWE-285: CWE-285
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849
- https://moodle.org/mod/forum/discuss.php?d=384012#p1547744
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849
- https://moodle.org/mod/forum/discuss.php?d=384012#p1547744
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.