Page 14 of 465 results (0.229 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. Unas capacidades de inscripción de los usuarios no estaban suficientemente comprobadas en Moodle cuando son restauradas en un curso existente. • https://bugzilla.redhat.com/show_bug.cgi?id=1895419 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6 https://moodle.org/mod/forum/discuss.php?d=413935 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. En moodle, las comprobaciones insuficientes de capacidad podrían conllevar a usuarios con una capacidad de restaurar el curso agregar capacidades adicionales a los roles dentro de ese curso. Versiones afectadas: 3.9 hasta 3.9.2, 3.8 hasta 3.8.5, 3.7 hasta 3.7.8, 3.5 hasta 3.5.14 y versiones anteriores no compatibles. • https://bugzilla.redhat.com/show_bug.cgi?id=1895425 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6 https://moodle.org/mod/forum/discuss.php?d=413936 • CWE-863: Incorrect Authorization •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. Se encontró un fallo en Moodle versiones 3.8 anteriores a la versión 3.8.3, versiones 3.7 anteriores a 3.7.6, versiones 3.6 anteriores a 3.6.10, versiones 3.5 anteriores a 3.5.12 y versiones anteriores no compatibles. Fue posible crear un paquete SCORM de tal manera que cuando se agregara a un curso, podría interactuar con él por medio de servicios web a fin de lograr una ejecución de código remota. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68410 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10738 https://moodle.org/mod/forum/discuss.php?d=403513 • CWE-20: Improper Input Validation •

CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise. Se detectó una vulnerabilidad en Moodle versiones 3.7 anteriores a 3.7.3, versiones 3.6 anteriores a 3.6.7, versiones 3.5 anteriores a 3.5.9. Los proveedores de OAuth 2 quienes no verifican los cambios en la dirección de correo electrónico de los usuarios requieren una verificación adicional durante el registro para reducir el riesgo de comprometer la cuenta. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14880 https://moodle.org/security • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed. Se detectó una vulnerabilidad en moodle versión 3.7 en versiones anteriores a la 3.7.3, donde se presenta un ataque de tipo XSS reflejado ciego en algunas ubicaciones donde el correo electrónico del usuario es mostrado. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14881 https://moodle.org/mod/forum/discuss.php?d=393584#p1586746 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •