Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-eaf7-c68j-audm
Vulnerability ID VCID-eaf7-c68j-audm
Aliases CVE-2019-3852
GHSA-v2rh-5v88-rgvh
Summary Moodle context freezing A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/5ee3cbc624c1c4d39adc08c2121a1738d6b5e700
https://github.com/moodle/moodle/commit/90c2e5e707c27cd1ef0b992cc5e55e76dcd17204
https://moodle.org/mod/forum/discuss.php?d=384015#p1547748
https://web.archive.org/web/20210624085935/http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64410
CVE-2019-3852 https://nvd.nist.gov/vuln/detail/CVE-2019-3852
GHSA-v2rh-5v88-rgvh https://github.com/advisories/GHSA-v2rh-5v88-rgvh
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:42:55.981007+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-3852.yml 38.6.0