PT-2019-16734 · Moodle · Moodle

Fariskhi Vidyan

·

Publicado

2019-03-25

·

Atualizado

2022-05-13

·

CVE-2019-3808

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Moodle versions 3.1 to 3.1.15 Moodle versions 3.4 to 3.4.6 Moodle versions 3.5 to 3.5.3 Moodle versions 3.6 to 3.6.1
Description A flaw was found in the 'manage groups' capability, which did not have the 'XSS risk' flag assigned to it, despite having access in certain places. This capability is intended for use by trusted users and is assigned to teachers and managers by default.
Recommendations For Moodle versions 3.1 to 3.1.15, update to a version later than 3.1.15 to resolve the issue. For Moodle versions 3.4 to 3.4.6, update to a version later than 3.4.6 to resolve the issue. For Moodle versions 3.5 to 3.5.3, update to a version later than 3.5.3 to resolve the issue. For Moodle versions 3.6 to 3.6.1, update to a version later than 3.6.1 to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-3808
GHSA-4R2P-WPV5-683W

Produtos afetados

Moodle