| 0 |
| url |
VCID-2s6b-tp6p-gue1 |
| vulnerability_id |
VCID-2s6b-tp6p-gue1 |
| summary |
Cross-Site Request Forgery (CSRF)
A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10186, GHSA-wv9c-pfpm-4wc5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2s6b-tp6p-gue1 |
|
| 1 |
| url |
VCID-336n-hpzg-euhd |
| vulnerability_id |
VCID-336n-hpzg-euhd |
| summary |
Cross-site Scripting
The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.6.2 |
| purl |
pkg:composer/moodle/moodle@3.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-akv3-zfp8-kkc7 |
|
| 3 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 4 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 5 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 6 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 7 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 8 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 9 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 10 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 11 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 12 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 13 |
| vulnerability |
VCID-r6kn-b963-eqge |
|
| 14 |
| vulnerability |
VCID-s6uu-335k-yfbc |
|
| 15 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 16 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 17 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 18 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 19 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 20 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2 |
|
|
| aliases |
CVE-2019-3808, GHSA-4r2p-wpv5-683w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-336n-hpzg-euhd |
|
| 2 |
| url |
VCID-a6pb-47tu-afcg |
| vulnerability_id |
VCID-a6pb-47tu-afcg |
| summary |
Information Exposure
Moodle is vulnerable to information exposure of service tokens for users enrolled in the same course. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.7.2 |
| purl |
pkg:composer/moodle/moodle@3.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 12 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 13 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 14 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 15 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 16 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.2 |
|
|
| aliases |
CVE-2020-1692, GHSA-9328-7pcw-vw69
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a6pb-47tu-afcg |
|
| 3 |
| url |
VCID-akv3-zfp8-kkc7 |
| vulnerability_id |
VCID-akv3-zfp8-kkc7 |
| summary |
Permissions, Privileges, and Access Controls
There was a link to site home within the Boost theme's secure layout, meaning students could navigate out of the page. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3851, GHSA-pj45-hp8h-289r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-akv3-zfp8-kkc7 |
|
| 4 |
|
| 5 |
| url |
VCID-eu27-a3px-87ed |
| vulnerability_id |
VCID-eu27-a3px-87ed |
| summary |
Improper Access Control
Teachers in an assignment group could modify group overrides for other groups in the same assignment. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10189, GHSA-h7xp-7fjp-ghhc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eu27-a3px-87ed |
|
| 6 |
|
| 7 |
|
| 8 |
| url |
VCID-k73h-z6j8-gkgz |
| vulnerability_id |
VCID-k73h-z6j8-gkgz |
| summary |
Information Exposure
The `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.6.2 |
| purl |
pkg:composer/moodle/moodle@3.6.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-akv3-zfp8-kkc7 |
|
| 3 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 4 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 5 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 6 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 7 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 8 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 9 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 10 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 11 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 12 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 13 |
| vulnerability |
VCID-r6kn-b963-eqge |
|
| 14 |
| vulnerability |
VCID-s6uu-335k-yfbc |
|
| 15 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 16 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 17 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 18 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 19 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 20 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2 |
|
|
| aliases |
CVE-2019-3810, GHSA-wm4w-8vc6-2j4h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k73h-z6j8-gkgz |
|
| 9 |
|
| 10 |
|
| 11 |
| url |
VCID-n5tc-1k33-dfeq |
| vulnerability_id |
VCID-n5tc-1k33-dfeq |
| summary |
Incorrect Authorization
A vulnerability was found in Moodle where tokens used to fetch inline attachments in email notifications were not disabled when a user account was no longer active. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.7.3 |
| purl |
pkg:composer/moodle/moodle@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 12 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 13 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.3 |
|
|
| aliases |
CVE-2019-14883, GHSA-774q-wfcp-vc2q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n5tc-1k33-dfeq |
|
| 12 |
| url |
VCID-paj4-nq1r-jbd3 |
| vulnerability_id |
VCID-paj4-nq1r-jbd3 |
| summary |
Improper Input Validation
It is possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.8.3 |
| purl |
pkg:composer/moodle/moodle@3.8.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 7 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 8 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 14 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 15 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 16 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 17 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.3 |
|
|
| aliases |
CVE-2020-10738, GHSA-vr6v-g96p-cjc3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-paj4-nq1r-jbd3 |
|
| 13 |
| url |
VCID-qhv1-wgpm-7fh6 |
| vulnerability_id |
VCID-qhv1-wgpm-7fh6 |
| summary |
Improper Authorization
Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3849, GHSA-5wg9-5w3f-hxmh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qhv1-wgpm-7fh6 |
|
| 14 |
|
| 15 |
| url |
VCID-r6kn-b963-eqge |
| vulnerability_id |
VCID-r6kn-b963-eqge |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3850, GHSA-3fj7-9j8m-7r8g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r6kn-b963-eqge |
|
| 16 |
| url |
VCID-s6uu-335k-yfbc |
| vulnerability_id |
VCID-s6uu-335k-yfbc |
| summary |
Improper Input Validation
Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3847, GHSA-qrcj-6fjw-3h9h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s6uu-335k-yfbc |
|
| 17 |
| url |
VCID-w2b2-fuky-j3ff |
| vulnerability_id |
VCID-w2b2-fuky-j3ff |
| summary |
Improper Authentication
A vulnerability was found in Moodle: OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.7.3 |
| purl |
pkg:composer/moodle/moodle@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 12 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 13 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.3 |
|
|
| aliases |
CVE-2019-14880, GHSA-rv62-6f56-j83w
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w2b2-fuky-j3ff |
|
| 18 |
| url |
VCID-w9ca-exua-g7ar |
| vulnerability_id |
VCID-w9ca-exua-g7ar |
| summary |
Improper Access Control
Teachers in a quiz group could modify group overrides for other groups in the same quiz. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10188, GHSA-92q5-2h76-vgmj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w9ca-exua-g7ar |
|
| 19 |
| url |
VCID-x7rg-rsb5-pya7 |
| vulnerability_id |
VCID-x7rg-rsb5-pya7 |
| summary |
Improper Access Control
Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10187, GHSA-2mg9-hv69-897x
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x7rg-rsb5-pya7 |
|
| 20 |
| url |
VCID-y8up-cqtu-jkdw |
| vulnerability_id |
VCID-y8up-cqtu-jkdw |
| summary |
Cross-site Scripting
Persistent XSS in `/course/modedit.php` of Moodle allows authenticated users (Teacher) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the `introeditor[text]` parameter. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.7.3 |
| purl |
pkg:composer/moodle/moodle@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 12 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 13 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.3 |
|
|
| aliases |
CVE-2019-18210, GHSA-q6vw-27c6-jv9c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y8up-cqtu-jkdw |
|
| 21 |
| url |
VCID-zjrq-np3y-hua5 |
| vulnerability_id |
VCID-zjrq-np3y-hua5 |
| summary |
Information Exposure
Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3848, GHSA-45rw-4r25-jvg7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zjrq-np3y-hua5 |
|
| 22 |
| url |
VCID-zwkk-zazw-6fgg |
| vulnerability_id |
VCID-zwkk-zazw-6fgg |
| summary |
Improper Validation of Integrity Check Value
It was found in Moodle that insufficient capability checks in some grade-related web services meant students were able to view other students' grades. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20184, GHSA-mm73-86f9-5x5c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zwkk-zazw-6fgg |
|