MEDIUM4.3
A session hijack risk was identified in the Shibboleth authentication plugin.
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity:
Closed issues (10)
MEDIUM4.3
Insufficient capability checks made it possible for teachers to download users outside of their courses.
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NMEDIUM6.5
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NMEDIUM4.9
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NMEDIUM4.3
It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NMEDIUM6.5
Moodle type juggling vulnerability
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NMEDIUM4.3
Moodle Improper Authentication
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NMEDIUM4.3
Moodle Exposure of Sensitive Information to an Unauthorized Actor
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NMEDIUM4.9
Moodle Improper Encoding or Escaping of Output
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NMEDIUM4.3
Moodle Incorrect Authorization
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N