CVE-2019-3849

CVSS 6.3 MEDIUMEPSS 1.0%CWE-285

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Produtos afetados

[UNKNOWN] · moodle

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849 https://moodle.org/mod/forum/discuss.php?d=384012#p1547744