CVE-2021-20283
N/A
N/A
Summary
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | moodle | Fixed in 3.10.2, 3.9.5, 3.8.8, 3.5.17 | affected |
Weaknesses
- CWE-863: CWE-863
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939051
- https://moodle.org/mod/forum/discuss.php?d=419654
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939051
- https://moodle.org/mod/forum/discuss.php?d=419654
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.