CVE-2021-20283
CVE-2021-20283
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Affected products
n/a · moodleWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://bugzilla.redhat.com/show_bug.cgi?id=1939051https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/https://moodle.org/mod/forum/discuss.php?d=419654