| 0 |
| url |
VCID-2s6b-tp6p-gue1 |
| vulnerability_id |
VCID-2s6b-tp6p-gue1 |
| summary |
Cross-Site Request Forgery (CSRF)
A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.7 |
| purl |
pkg:composer/moodle/moodle@3.5.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 15 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 16 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 17 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 18 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 19 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 20 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 21 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 22 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10186, GHSA-wv9c-pfpm-4wc5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2s6b-tp6p-gue1 |
|
| 1 |
| url |
VCID-3cb4-wz6x-ckcd |
| vulnerability_id |
VCID-3cb4-wz6x-ckcd |
| summary |
Improper Privilege Management
In Moodle, insufficient capability checks could lead to users with the ability to restore courses adding additional capabilities to roles within that course. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-25699, GHSA-h77r-rp97-7rv4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3cb4-wz6x-ckcd |
|
| 2 |
|
| 3 |
| url |
VCID-56wj-4124-ryd2 |
| vulnerability_id |
VCID-56wj-4124-ryd2 |
| summary |
Improper Access Control
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.14 |
| purl |
pkg:composer/moodle/moodle@3.5.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 3 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 4 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 5 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 6 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 7 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 8 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 9 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 10 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 11 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 12 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 13 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.14 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.8.5 |
| purl |
pkg:composer/moodle/moodle@3.8.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 4 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 5 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 6 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 7 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 8 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 9 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 10 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 11 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 12 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 13 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 14 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.5 |
|
| 3 |
| url |
pkg:composer/moodle/moodle@3.9.2 |
| purl |
pkg:composer/moodle/moodle@3.9.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 4 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 5 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 6 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 7 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 8 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 9 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 10 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 11 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 12 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 13 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 14 |
| vulnerability |
VCID-q8s7-ksru-8ygs |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.2 |
|
|
| aliases |
CVE-2020-25629, GHSA-f5r8-7h4f-jr9x
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-56wj-4124-ryd2 |
|
| 4 |
| url |
VCID-6m19-4krm-2udd |
| vulnerability_id |
VCID-6m19-4krm-2udd |
| summary |
Uncontrolled Resource Consumption
A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.14 |
| purl |
pkg:composer/moodle/moodle@3.5.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 3 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 4 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 5 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 6 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 7 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 8 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 9 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 10 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 11 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 12 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 13 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.14 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.8.5 |
| purl |
pkg:composer/moodle/moodle@3.8.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 4 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 5 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 6 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 7 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 8 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 9 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 10 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 11 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 12 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 13 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 14 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.5 |
|
| 3 |
| url |
pkg:composer/moodle/moodle@3.9.2 |
| purl |
pkg:composer/moodle/moodle@3.9.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 4 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 5 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 6 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 7 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 8 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 9 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 10 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 11 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 12 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 13 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 14 |
| vulnerability |
VCID-q8s7-ksru-8ygs |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.2 |
|
|
| aliases |
CVE-2020-25630, GHSA-66xp-28cq-mrf2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6m19-4krm-2udd |
|
| 5 |
| url |
VCID-a6pb-47tu-afcg |
| vulnerability_id |
VCID-a6pb-47tu-afcg |
| summary |
Information Exposure
Moodle is vulnerable to information exposure of service tokens for users enrolled in the same course. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.7.2 |
| purl |
pkg:composer/moodle/moodle@3.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 12 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 13 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 14 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 15 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 16 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.2 |
|
|
| aliases |
CVE-2020-1692, GHSA-9328-7pcw-vw69
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a6pb-47tu-afcg |
|
| 6 |
| url |
VCID-akv3-zfp8-kkc7 |
| vulnerability_id |
VCID-akv3-zfp8-kkc7 |
| summary |
Permissions, Privileges, and Access Controls
There was a link to site home within the Boost theme's secure layout, meaning students could navigate out of the page. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.5 |
| purl |
pkg:composer/moodle/moodle@3.5.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 6 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 7 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 8 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 9 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 10 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 11 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 12 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 13 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 14 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 15 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 16 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 17 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 18 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 19 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 20 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 21 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 22 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 23 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 24 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 25 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 26 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 27 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 28 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 29 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3851, GHSA-pj45-hp8h-289r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-akv3-zfp8-kkc7 |
|
| 7 |
|
| 8 |
| url |
VCID-c1a1-z5m1-nfbc |
| vulnerability_id |
VCID-c1a1-z5m1-nfbc |
| summary |
Incorrect Authorization
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-25701, GHSA-c9hq-g4q8-w893
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c1a1-z5m1-nfbc |
|
| 9 |
| url |
VCID-deur-8zdf-2kh2 |
| vulnerability_id |
VCID-deur-8zdf-2kh2 |
| summary |
Improper Input Validation
The size of users' private file uploads via email was not correctly checked, so their quota allowance could be exceeded. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.6 |
| purl |
pkg:composer/moodle/moodle@3.5.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 6 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 7 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 8 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 9 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 10 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 11 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 12 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 13 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 14 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 15 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 16 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 17 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 18 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 19 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 20 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 21 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 22 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 23 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 24 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 25 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 26 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 27 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.6 |
|
| 1 |
|
|
| aliases |
CVE-2019-10134, GHSA-j8wr-7xxj-c2fr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-deur-8zdf-2kh2 |
|
| 10 |
|
| 11 |
| url |
VCID-eu27-a3px-87ed |
| vulnerability_id |
VCID-eu27-a3px-87ed |
| summary |
Improper Access Control
Teachers in an assignment group could modify group overrides for other groups in the same assignment. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.7 |
| purl |
pkg:composer/moodle/moodle@3.5.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 15 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 16 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 17 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 18 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 19 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 20 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 21 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 22 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10189, GHSA-h7xp-7fjp-ghhc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eu27-a3px-87ed |
|
| 12 |
| url |
VCID-fskk-cb95-uqer |
| vulnerability_id |
VCID-fskk-cb95-uqer |
| summary |
Cross-site Scripting
The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.14 |
| purl |
pkg:composer/moodle/moodle@3.5.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 3 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 4 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 5 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 6 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 7 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 8 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 9 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 10 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 11 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 12 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 13 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.14 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.8.5 |
| purl |
pkg:composer/moodle/moodle@3.8.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 4 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 5 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 6 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 7 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 8 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 9 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 10 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 11 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 12 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 13 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 14 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.5 |
|
| 3 |
| url |
pkg:composer/moodle/moodle@3.9.2 |
| purl |
pkg:composer/moodle/moodle@3.9.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 4 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 5 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 6 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 7 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 8 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 9 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 10 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 11 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 12 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 13 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 14 |
| vulnerability |
VCID-q8s7-ksru-8ygs |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.2 |
|
|
| aliases |
CVE-2020-25628, GHSA-5x33-h32w-6vr2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fskk-cb95-uqer |
|
| 13 |
| url |
VCID-gnez-ehgq-rfbr |
| vulnerability_id |
VCID-gnez-ehgq-rfbr |
| summary |
Incorrect Authorization
When creating a user account, it was possible to verify the account without having access to the verification email `link/secret` in Moodle. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20282, GHSA-grj4-g57c-9xmv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gnez-ehgq-rfbr |
|
| 14 |
| url |
VCID-hhzz-hbqz-akfw |
| vulnerability_id |
VCID-hhzz-hbqz-akfw |
| summary |
Cross-site Scripting
A reflected XSS is possible through fatal error messages. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.9 |
| purl |
pkg:composer/moodle/moodle@3.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 11 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 12 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 13 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 14 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 15 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 16 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 17 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 18 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 19 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 20 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.9 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.7.3 |
| purl |
pkg:composer/moodle/moodle@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 12 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 13 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.3 |
|
| 3 |
|
|
| aliases |
CVE-2019-14884, GHSA-3xh5-5v5v-mfgm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hhzz-hbqz-akfw |
|
| 15 |
|
| 16 |
|
| 17 |
| url |
VCID-kgva-z9gg-u3dw |
| vulnerability_id |
VCID-kgva-z9gg-u3dw |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
An open redirect exists in the Lesson edit page. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.9 |
| purl |
pkg:composer/moodle/moodle@3.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 11 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 12 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 13 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 14 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 15 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 16 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 17 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 18 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 19 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 20 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.9 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.5.10 |
| purl |
pkg:composer/moodle/moodle@3.5.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 11 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 12 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 13 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 14 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 15 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 16 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 17 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 18 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 19 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.10 |
|
| 2 |
|
| 3 |
|
| 4 |
| url |
pkg:composer/moodle/moodle@3.7.3 |
| purl |
pkg:composer/moodle/moodle@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 12 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 13 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.3 |
|
| 5 |
|
|
| aliases |
CVE-2019-14882, GHSA-m98q-q59p-r9fv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kgva-z9gg-u3dw |
|
| 18 |
|
| 19 |
| url |
VCID-mhm4-8kuk-t7b6 |
| vulnerability_id |
VCID-mhm4-8kuk-t7b6 |
| summary |
Uncontrolled Resource Consumption
It was found in Moodle that messaging does not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20185, GHSA-c3j6-33r4-89q3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mhm4-8kuk-t7b6 |
|
| 20 |
| url |
VCID-mkfz-e1ft-2bcw |
| vulnerability_id |
VCID-mkfz-e1ft-2bcw |
| summary |
Code Injection
It was found in Moodle that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20187, GHSA-2jrm-gww7-wch2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mkfz-e1ft-2bcw |
|
| 21 |
| url |
VCID-mqde-66zm-qbbj |
| vulnerability_id |
VCID-mqde-66zm-qbbj |
| summary |
Incorrect Authorization
The web service responsible for fetching other users' enrolled courses does not validate that the requesting user had permission to view that information in each course in Moodle. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20283, GHSA-2m72-m5cw-3g9h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mqde-66zm-qbbj |
|
| 22 |
| url |
VCID-nntc-dsz1-e3fp |
| vulnerability_id |
VCID-nntc-dsz1-e3fp |
| summary |
Cross-site Scripting
It was found in Moodle that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20186, GHSA-h8m4-h385-qhqv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nntc-dsz1-e3fp |
|
| 23 |
| url |
VCID-paj4-nq1r-jbd3 |
| vulnerability_id |
VCID-paj4-nq1r-jbd3 |
| summary |
Improper Input Validation
It is possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.12 |
| purl |
pkg:composer/moodle/moodle@3.5.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 5 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 6 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 12 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 13 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 14 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 15 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 16 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.12 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
pkg:composer/moodle/moodle@3.8.3 |
| purl |
pkg:composer/moodle/moodle@3.8.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 7 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 8 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 14 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 15 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 16 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 17 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.3 |
|
|
| aliases |
CVE-2020-10738, GHSA-vr6v-g96p-cjc3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-paj4-nq1r-jbd3 |
|
| 24 |
|
| 25 |
| url |
VCID-qhv1-wgpm-7fh6 |
| vulnerability_id |
VCID-qhv1-wgpm-7fh6 |
| summary |
Improper Authorization
Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.5 |
| purl |
pkg:composer/moodle/moodle@3.5.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 6 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 7 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 8 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 9 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 10 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 11 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 12 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 13 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 14 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 15 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 16 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 17 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 18 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 19 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 20 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 21 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 22 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 23 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 24 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 25 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 26 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 27 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 28 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 29 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3849, GHSA-5wg9-5w3f-hxmh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qhv1-wgpm-7fh6 |
|
| 26 |
| url |
VCID-qxsq-ku22-r7gx |
| vulnerability_id |
VCID-qxsq-ku22-r7gx |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
The form to upload cohorts contained a redirect field, which was not restricted to internal URLs. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.6 |
| purl |
pkg:composer/moodle/moodle@3.5.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 6 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 7 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 8 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 9 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 10 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 11 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 12 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 13 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 14 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 15 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 16 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 17 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 18 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 19 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 20 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 21 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 22 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 23 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 24 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 25 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 26 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 27 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.6 |
|
| 1 |
|
|
| aliases |
CVE-2019-10133, GHSA-5xp2-rv4h-mm2q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qxsq-ku22-r7gx |
|
| 27 |
| url |
VCID-r6kn-b963-eqge |
| vulnerability_id |
VCID-r6kn-b963-eqge |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.5 |
| purl |
pkg:composer/moodle/moodle@3.5.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 6 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 7 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 8 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 9 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 10 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 11 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 12 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 13 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 14 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 15 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 16 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 17 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 18 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 19 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 20 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 21 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 22 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 23 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 24 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 25 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 26 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 27 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 28 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 29 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3850, GHSA-3fj7-9j8m-7r8g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r6kn-b963-eqge |
|
| 28 |
| url |
VCID-s6uu-335k-yfbc |
| vulnerability_id |
VCID-s6uu-335k-yfbc |
| summary |
Improper Input Validation
Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.5 |
| purl |
pkg:composer/moodle/moodle@3.5.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 6 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 7 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 8 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 9 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 10 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 11 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 12 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 13 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 14 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 15 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 16 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 17 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 18 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 19 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 20 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 21 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 22 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 23 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 24 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 25 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 26 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 27 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 28 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 29 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3847, GHSA-qrcj-6fjw-3h9h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s6uu-335k-yfbc |
|
| 29 |
| url |
VCID-w2b2-fuky-j3ff |
| vulnerability_id |
VCID-w2b2-fuky-j3ff |
| summary |
Improper Authentication
A vulnerability was found in Moodle: OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.9 |
| purl |
pkg:composer/moodle/moodle@3.5.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 11 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 12 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 13 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 14 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 15 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 16 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 17 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 18 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 19 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 20 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.9 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.7.3 |
| purl |
pkg:composer/moodle/moodle@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 12 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 13 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.3 |
|
|
| aliases |
CVE-2019-14880, GHSA-rv62-6f56-j83w
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w2b2-fuky-j3ff |
|
| 30 |
| url |
VCID-w9ca-exua-g7ar |
| vulnerability_id |
VCID-w9ca-exua-g7ar |
| summary |
Improper Access Control
Teachers in a quiz group could modify group overrides for other groups in the same quiz. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.7 |
| purl |
pkg:composer/moodle/moodle@3.5.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 15 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 16 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 17 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 18 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 19 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 20 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 21 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 22 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10188, GHSA-92q5-2h76-vgmj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w9ca-exua-g7ar |
|
| 31 |
| url |
VCID-x7rg-rsb5-pya7 |
| vulnerability_id |
VCID-x7rg-rsb5-pya7 |
| summary |
Improper Access Control
Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.7 |
| purl |
pkg:composer/moodle/moodle@3.5.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 15 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 16 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 17 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 18 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 19 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 20 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 21 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 22 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10187, GHSA-2mg9-hv69-897x
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x7rg-rsb5-pya7 |
|
| 32 |
| url |
VCID-y8up-cqtu-jkdw |
| vulnerability_id |
VCID-y8up-cqtu-jkdw |
| summary |
Cross-site Scripting
Persistent XSS in `/course/modedit.php` of Moodle allows authenticated users (Teacher) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the `introeditor[text]` parameter. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.7.3 |
| purl |
pkg:composer/moodle/moodle@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 12 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 13 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.3 |
|
|
| aliases |
CVE-2019-18210, GHSA-q6vw-27c6-jv9c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y8up-cqtu-jkdw |
|
| 33 |
| url |
VCID-zjrq-np3y-hua5 |
| vulnerability_id |
VCID-zjrq-np3y-hua5 |
| summary |
Information Exposure
Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged-in non-guest users could view unauthorised calendar events. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.5 |
| purl |
pkg:composer/moodle/moodle@3.5.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 6 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 7 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 8 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 9 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 10 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 11 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 12 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 13 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 14 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 15 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 16 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 17 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 18 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 19 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 20 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 21 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 22 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 23 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 24 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 25 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 26 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 27 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 28 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 29 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3848, GHSA-45rw-4r25-jvg7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zjrq-np3y-hua5 |
|
| 34 |
| url |
VCID-zwkk-zazw-6fgg |
| vulnerability_id |
VCID-zwkk-zazw-6fgg |
| summary |
Improper Validation of Integrity Check Value
It was found in Moodle that insufficient capability checks in some grade-related web services meant students were able to view other students' grades. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20184, GHSA-mm73-86f9-5x5c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zwkk-zazw-6fgg |
|