ALT-PU-2019-2248-2

BDU:2020-02113

MEDIUM4.3

Уязвимость виртуальной обучающей среды moodle, связанная с недостатками контроля доступа, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Опубликовано: 2020-05-15

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

Ссылки

CVE-2019-10189

CVE-2019-10186

HIGH8.8

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.

Опубликовано: 2019-07-31Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

CVE-2019-10187

MEDIUM4.3

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.

Опубликовано: 2019-07-31Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Ссылки

CVE-2019-10188

MEDIUM4.3

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz.

Опубликовано: 2019-07-31Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Ссылки

CVE-2019-10189

MEDIUM4.3

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment.

Опубликовано: 2019-07-31Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Ссылки

GHSA-2mg9-hv69-897x

MEDIUM4.3

Moodle Ability to delete glossary entries that belong to another glossary

Опубликовано: 2022-05-24Изменено: 2024-04-24

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Ссылки

GHSA-92q5-2h76-vgmj

MEDIUM4.0

moodle Improper Access Control

Опубликовано: 2022-05-24Изменено: 2024-04-24

CVSS 3.xСРЕДНЯЯ 4.0

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Ссылки

GHSA-h7xp-7fjp-ghhc

MEDIUM4.0

moodle Improper Access Control

Опубликовано: 2022-05-24Изменено: 2024-04-24

CVSS 3.xСРЕДНЯЯ 4.0

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Ссылки

GHSA-wv9c-pfpm-4wc5

HIGH8.8

Moodle CSRF Vulnerability

Опубликовано: 2022-05-24Изменено: 2023-08-26

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ссылки

Обновление пакета moodle в ветке sisyphus

Закрытые проблемы (9)

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz.

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment.

Moodle Ability to delete glossary entries that belong to another glossary

moodle Improper Access Control

moodle Improper Access Control

Moodle CSRF Vulnerability