PT-2021-3112 · Moodle+1
Daniel Konrad · Published 2021-05-10 · Updated 2024-03-06 · CVE-2021-32472
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Moodle versions 3.8 to 3.8.8
Moodle versions 3.9 to 3.9.6
Moodle versions 3.10 to 3.10.3
Description
The issue is related to information disclosure. Exploitation of this issue could allow a remote attacker to gain unauthorized access to protected information in CSV format. Specifically, teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances.
Recommendations
For Moodle versions 3.8 to 3.8.8, update to a version later than 3.8.8 to resolve the issue.
For Moodle versions 3.9 to 3.9.6, update to a version later than 3.9.6 to resolve the issue.
For Moodle versions 3.10 to 3.10.3, update to a version later than 3.10.3 to resolve the issue.
As a temporary workaround, consider restricting access to the CSV export feature for teachers until a patch is available.
Fix
Information Disclosure
Missing Authorization
Related Identifiers
Affected Products
Alt Linux
Moodle