PT-2019-16743 · Moodle · Moodle
Brendan Cox · Published 2019-03-26 · Updated 2022-05-13
CVE-2019-3849
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Moodle versions prior to 3.6.3
Moodle versions prior to 3.5.5
Moodle versions prior to 3.4.8
Description
A vulnerability was found that allows users to assign themselves an escalated role within courses or content accessed via LTI. This is achieved by modifying the request to the LTI publisher site.
Recommendations
For versions prior to 3.6.3, update to version 3.6.3 or later.
For versions prior to 3.5.5, update to version 3.5.5 or later.
For versions prior to 3.4.8, update to version 3.4.8 or later.
Fix
Improper Authorization
Improper Privilege Management
Related identifiers
Affected products
Moodle