PT-2019-11600 · Moodle+1 · Moodle+1

Mazen Gamal

Published

2019-06-18

Updated

2022-05-24

CVE-2019-10154

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.7 Moodle versions prior to 3.6.4

Description: A flaw was found in a web service that fetches messages, which was not restricted to the current user's conversations.

Recommendations: For versions prior to 3.7, update to version 3.7 or later. For versions prior to 3.6.4, update to version 3.6.4 or later.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

ALT-PU-2019-2080

ALT-PU-2019-2096

CVE-2019-10154

GHSA-WW45-X87C-WGFF

Alt Linux

Moodle