CVE-2021-32477

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Moodle versions 3.10 to 3.10.3

Description The issue is related to insufficient input validation in the virtual learning environment. It may allow a remote attacker to gain unauthorized access to protected information. The last time a user accessed the mobile app is displayed on their profile page, but this information should be restricted to users with the relevant capability, such as site administrators by default.

Recommendations For Moodle versions 3.10 to 3.10.3, restrict access to the user profile page information about the last time a user accessed the mobile app to users with the relevant capability, such as site administrators by default.

Fix

Missing Authorization

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-200

Related Identifiers

ALT-PU-2021-1777

BDU:2021-02739

BIT-MOODLE-2021-32477

CVE-2021-32477

GHSA-VRPR-2XXX-G444

Affected Products

Alt Linux

Moodle

CVE-2021-32477

Weakness Enumeration

Related Identifiers

Affected Products

References · 13