Permissions, Privileges, and Access Controls in Moodle - CVE-2019-3849

Published: March 19, 2019
Vulnerability identifier: #VU18019
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-3849
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software: Moodle

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges within the application.

The vulnerability exists because authenticated users can assign themselves an escalated role within courses or content accessed via LTI by modifying the request sent to the LTI publisher site. A remote authenticated attacker can therefore escalate privileges within the application.

How to mitigate CVE-2019-3849

Install updates from the vendor's website.