#VU18022 Improper Authorization in Moodle - CVE-2019-3852

Published: March 19, 2019


Vulnerability identifier: #VU18022
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-3852
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Moodle
Software vendor: moodle.org

Description

The vulnerability allows a remote authenticated user to bypass the read-only restriction that context freezing (context locking) is meant to enforce.


The vulnerability exists because the get_with_capability_join() and get_users_by_capability() functions did not take context freezing into account when resolving user capabilities. Context freezing, introduced in Moodle 3.6, lets an administrator lock a context (for example a course) so that write capabilities are denied in it; the per-user has_capability() check honours the lock, but these two bulk queries were built from role assignments alone, so they could report users as holding a write capability in a context where the per-user check would have denied it.
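The bug class described above, as an added illustration that is not Moodle code: a toy model in which the per-user capability check honours a lock on the context while the bulk enumeration query does not, so the two authorization paths disagree. All names, capability definitions, role grants and the `moodle/site:ignorecontextlocks` override rule are constructed for the model and only loosely mirror Moodle; the fixed bulk query simply delegates to the same rule the per-user check uses, which is the property a reviewer should verify whenever an authorization decision is implemented in more than one place.

```python
"""Toy model of the CVE-2019-3852 bug class (constructed example, not Moodle code):
a bulk 'who holds capability X in context C' query that ignores context locking
disagrees with the per-user check that honours it."""
from dataclasses import dataclass


@dataclass
class Context:
    name: str
    locked: bool = False  # models Moodle 3.6 context freezing


# capability name -> captype; constructed sample data, not Moodle's real definitions
CAPABILITIES = {
    "mod/forum:replypost": "write",
    "mod/forum:viewdiscussion": "read",
    "moodle/site:ignorecontextlocks": "write",
}

# user id -> capabilities granted through role assignments (constructed)
ROLE_GRANTS = {
    1: {"mod/forum:replypost", "mod/forum:viewdiscussion"},
    2: {"mod/forum:viewdiscussion"},
    3: {"mod/forum:replypost", "mod/forum:viewdiscussion",
        "moodle/site:ignorecontextlocks"},
}


def has_capability(cap, context, userid):
    """Per-user check: a write capability is denied in a locked context unless
    the user holds the (hypothetical) lock-override capability."""
    granted = ROLE_GRANTS.get(userid, set())
    if cap not in granted:
        return False
    if context.locked and CAPABILITIES[cap] == "write":
        return "moodle/site:ignorecontextlocks" in granted
    return True


def get_users_by_capability_vulnerable(context, cap):
    """Bulk query built from role grants alone; never consults context.locked.
    This is the shape of the bug: the lock rule lives only in has_capability()."""
    return sorted(u for u, caps in ROLE_GRANTS.items() if cap in caps)


def get_users_by_capability_fixed(context, cap):
    """Bulk query that applies exactly the rule the per-user check applies."""
    return sorted(u for u in ROLE_GRANTS if has_capability(cap, context, u))


def consistency_report(context, cap):
    """Users the vulnerable bulk query returns whom the per-user check would deny.
    An empty list means the two authorization paths agree for this input."""
    bulk = get_users_by_capability_vulnerable(context, cap)
    return [u for u in bulk if not has_capability(cap, context, u)]


if __name__ == "__main__":
    locked = Context("course-101", locked=True)
    print("vulnerable:", get_users_by_capability_vulnerable(locked, "mod/forum:replypost"))
    print("fixed:     ", get_users_by_capability_fixed(locked, "mod/forum:replypost"))
    print("mismatch:  ", consistency_report(locked, "mod/forum:replypost"))
```

Run as a script, the model shows the vulnerable query still listing user 1 as able to reply in the locked course, while the fixed query lists only user 3, who holds the override. The same cross-check (enumerate with the bulk query, then re-validate each result with the per-user check) is a cheap regression test for any application that answers the same authorization question through two different code paths.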

Remediation

Install updates from the vendor's website. Context freezing exists only from Moodle 3.6 onward, so only the 3.6 branch is affected; the fix shipped in Moodle 3.6.3.

External links