Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by The Moodle Project
CVE-2020-1692 (GCVE-0-2020-1692)
Vulnerability from cvelistv5 – Published: 2020-02-17 15:38 – Updated: 2024-08-04 06:46
VLAI
EPSS
VEX
Summary
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.
Severity
8.1 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Moodle Project | moodle |
Affected:
before 3.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moodle",
"vendor": "The Moodle Project",
"versions": [
{
"status": "affected",
"version": "before 3.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T15:38:35.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-1692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "before 3.7.2"
}
]
}
}
]
},
"vendor_name": "The Moodle Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.1/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-1692",
"datePublished": "2020-02-17T15:38:35.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:46:30.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10186 (GCVE-0-2019-10186)
Vulnerability from cvelistv5 – Published: 2019-07-31 21:40 – Updated: 2024-08-04 22:10
VLAI
EPSS
VEX
Summary
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
Severity
6.5 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/109175 | vdb-entryx_refsource_BID |
| https://moodle.org/mod/forum/discuss.php?d=388567… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Moodle Project | moodle |
Affected:
3.7.1
Affected: 3.6.5 Affected: 3.5.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109175",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388567#p1566329"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moodle",
"vendor": "The Moodle Project",
"versions": [
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "3.6.5"
},
{
"status": "affected",
"version": "3.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T21:20:46.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "109175",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388567#p1566329"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "3.7.1"
},
{
"version_value": "3.6.5"
},
{
"version_value": "3.5.7"
}
]
}
}
]
},
"vendor_name": "The Moodle Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109175"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=388567#p1566329",
"refsource": "MISC",
"url": "https://moodle.org/mod/forum/discuss.php?d=388567#p1566329"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10186",
"datePublished": "2019-07-31T21:40:55.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:10.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10187 (GCVE-0-2019-10187)
Vulnerability from cvelistv5 – Published: 2019-07-31 21:39 – Updated: 2024-08-04 22:17
VLAI
EPSS
VEX
Summary
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.
Severity
4 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/109174 | vdb-entryx_refsource_BID |
| https://moodle.org/mod/forum/discuss.php?d=388568… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Moodle Project | moodle |
Affected:
3.7.1
Affected: 3.6.5 Affected: 3.5.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388568#p1566330"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moodle",
"vendor": "The Moodle Project",
"versions": [
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "3.6.5"
},
{
"status": "affected",
"version": "3.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T21:27:23.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "109174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388568#p1566330"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "3.7.1"
},
{
"version_value": "3.6.5"
},
{
"version_value": "3.5.7"
}
]
}
}
]
},
"vendor_name": "The Moodle Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109174"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=388568#p1566330",
"refsource": "MISC",
"url": "https://moodle.org/mod/forum/discuss.php?d=388568#p1566330"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10187",
"datePublished": "2019-07-31T21:39:40.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:18.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10188 (GCVE-0-2019-10188)
Vulnerability from cvelistv5 – Published: 2019-07-31 21:29 – Updated: 2024-08-04 22:17
VLAI
EPSS
VEX
Summary
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz.
Severity
4 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/109178 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://moodle.org/mod/forum/discuss.php?d=388569 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Moodle Project | moodle |
Affected:
3.7.1
Affected: 3.6.5 Affected: 3.5.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109178",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109178"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moodle",
"vendor": "The Moodle Project",
"versions": [
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "3.6.5"
},
{
"status": "affected",
"version": "3.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T21:21:57.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "109178",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109178"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388569"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "3.7.1"
},
{
"version_value": "3.6.5"
},
{
"version_value": "3.5.7"
}
]
}
}
]
},
"vendor_name": "The Moodle Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109178"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=388569",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=388569"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10188",
"datePublished": "2019-07-31T21:29:44.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:18.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10189 (GCVE-0-2019-10189)
Vulnerability from cvelistv5 – Published: 2019-07-31 21:27 – Updated: 2024-08-04 22:17
VLAI
EPSS
VEX
Summary
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment.
Severity
4 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/109271 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://moodle.org/mod/forum/discuss.php?d=388570 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Moodle Project | moodle |
Affected:
3.7.1
Affected: 3.6.5 Affected: 3.5.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109271"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moodle",
"vendor": "The Moodle Project",
"versions": [
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "3.6.5"
},
{
"status": "affected",
"version": "3.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T21:24:58.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "109271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109271"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "3.7.1"
},
{
"version_value": "3.6.5"
},
{
"version_value": "3.5.7"
}
]
}
}
]
},
"vendor_name": "The Moodle Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109271"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=388570",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=388570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10189",
"datePublished": "2019-07-31T21:27:36.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:18.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1692 (GCVE-0-2020-1692)
Vulnerability from nvd – Published: 2020-02-17 15:38 – Updated: 2024-08-04 06:46
VLAI
EPSS
VEX
Summary
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.
Severity
8.1 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Moodle Project | moodle |
Affected:
before 3.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moodle",
"vendor": "The Moodle Project",
"versions": [
{
"status": "affected",
"version": "before 3.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T15:38:35.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-1692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "before 3.7.2"
}
]
}
}
]
},
"vendor_name": "The Moodle Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.1/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-1692",
"datePublished": "2020-02-17T15:38:35.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:46:30.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10186 (GCVE-0-2019-10186)
Vulnerability from nvd – Published: 2019-07-31 21:40 – Updated: 2024-08-04 22:10
VLAI
EPSS
VEX
Summary
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
Severity
6.5 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/109175 | vdb-entryx_refsource_BID |
| https://moodle.org/mod/forum/discuss.php?d=388567… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Moodle Project | moodle |
Affected:
3.7.1
Affected: 3.6.5 Affected: 3.5.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109175",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388567#p1566329"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moodle",
"vendor": "The Moodle Project",
"versions": [
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "3.6.5"
},
{
"status": "affected",
"version": "3.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T21:20:46.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "109175",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388567#p1566329"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "3.7.1"
},
{
"version_value": "3.6.5"
},
{
"version_value": "3.5.7"
}
]
}
}
]
},
"vendor_name": "The Moodle Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109175"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=388567#p1566329",
"refsource": "MISC",
"url": "https://moodle.org/mod/forum/discuss.php?d=388567#p1566329"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10186",
"datePublished": "2019-07-31T21:40:55.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:10.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10187 (GCVE-0-2019-10187)
Vulnerability from nvd – Published: 2019-07-31 21:39 – Updated: 2024-08-04 22:17
VLAI
EPSS
VEX
Summary
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.
Severity
4 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/109174 | vdb-entryx_refsource_BID |
| https://moodle.org/mod/forum/discuss.php?d=388568… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Moodle Project | moodle |
Affected:
3.7.1
Affected: 3.6.5 Affected: 3.5.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388568#p1566330"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moodle",
"vendor": "The Moodle Project",
"versions": [
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "3.6.5"
},
{
"status": "affected",
"version": "3.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T21:27:23.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "109174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388568#p1566330"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "3.7.1"
},
{
"version_value": "3.6.5"
},
{
"version_value": "3.5.7"
}
]
}
}
]
},
"vendor_name": "The Moodle Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109174"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=388568#p1566330",
"refsource": "MISC",
"url": "https://moodle.org/mod/forum/discuss.php?d=388568#p1566330"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10187",
"datePublished": "2019-07-31T21:39:40.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:18.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10188 (GCVE-0-2019-10188)
Vulnerability from nvd – Published: 2019-07-31 21:29 – Updated: 2024-08-04 22:17
VLAI
EPSS
VEX
Summary
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz.
Severity
4 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/109178 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://moodle.org/mod/forum/discuss.php?d=388569 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Moodle Project | moodle |
Affected:
3.7.1
Affected: 3.6.5 Affected: 3.5.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109178",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109178"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moodle",
"vendor": "The Moodle Project",
"versions": [
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "3.6.5"
},
{
"status": "affected",
"version": "3.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T21:21:57.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "109178",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109178"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388569"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "3.7.1"
},
{
"version_value": "3.6.5"
},
{
"version_value": "3.5.7"
}
]
}
}
]
},
"vendor_name": "The Moodle Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109178"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=388569",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=388569"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10188",
"datePublished": "2019-07-31T21:29:44.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:18.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10189 (GCVE-0-2019-10189)
Vulnerability from nvd – Published: 2019-07-31 21:27 – Updated: 2024-08-04 22:17
VLAI
EPSS
VEX
Summary
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment.
Severity
4 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/109271 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://moodle.org/mod/forum/discuss.php?d=388570 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Moodle Project | moodle |
Affected:
3.7.1
Affected: 3.6.5 Affected: 3.5.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109271"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moodle",
"vendor": "The Moodle Project",
"versions": [
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "3.6.5"
},
{
"status": "affected",
"version": "3.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T21:24:58.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "109271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109271"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=388570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moodle",
"version": {
"version_data": [
{
"version_value": "3.7.1"
},
{
"version_value": "3.6.5"
},
{
"version_value": "3.5.7"
}
]
}
}
]
},
"vendor_name": "The Moodle Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109271"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=388570",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=388570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10189",
"datePublished": "2019-07-31T21:27:36.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:18.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}