ALT-PU-2019-2080-2

CVE-2019-10133

MEDIUM6.1

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.

Опубликовано: 2019-06-26Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xСРЕДНЯЯ 6.1

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ссылки

CVE-2019-10134

LOW3.7

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.

Опубликовано: 2019-06-26Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xНИЗКАЯ 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Ссылки

CVE-2019-10154

HIGH7.5

A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations.

Опубликовано: 2019-06-26Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Ссылки

GHSA-5xp2-rv4h-mm2q

MEDIUM6.1

Moodle Open Redirect Vulnerability

Опубликовано: 2022-05-24Изменено: 2024-01-26

CVSS 3.xСРЕДНЯЯ 6.1

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ссылки

GHSA-j8wr-7xxj-c2fr

MEDIUM4.2

Moodle Private files uploaded via incoming mail processing could bypass quota restrictions

Опубликовано: 2022-05-24Изменено: 2024-04-24

CVSS 3.xСРЕДНЯЯ 4.2

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Ссылки

GHSA-ww45-x87c-wgff

HIGH7.5

Moodle all messaging conversations could be viewed

Опубликовано: 2022-05-24Изменено: 2024-01-26

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Ссылки

Обновление пакета moodle в ветке sisyphus

Закрытые проблемы (6)

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.

A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations.

Moodle Open Redirect Vulnerability

Moodle Private files uploaded via incoming mail processing could bypass quota restrictions

Moodle all messaging conversations could be viewed