PT-2019-11600 · Moodle+1 · Moodle+1

Mazen Gamal

·

Publicado

2019-06-18

·

Atualizado

2022-05-24

·

CVE-2019-10154

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.7 Moodle versions prior to 3.6.4
Description: A flaw was found in a web service that fetches messages, which was not restricted to the current user's conversations.
Recommendations: For versions prior to 3.7, update to version 3.7 or later. For versions prior to 3.6.4, update to version 3.6.4 or later.

Correção

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-285

Identificadores relacionados

ALT-PU-2019-2080
ALT-PU-2019-2096
CVE-2019-10154
GHSA-WW45-X87C-WGFF

Produtos afetados

Alt Linux
Moodle