Main Vulnerability Database Vulnerabilities #VU51480

#VU51480 Improper access control in Moodle - CVE-2021-20283

Published: March 15, 2021

Vulnerability identifier: #VU51480

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-20283

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Moodle

Software vendor:
moodle.org

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course. A remote user can gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

External links

https://moodle.org/mod/forum/discuss.php?d=419654

#VU51480 Improper access control in Moodle - CVE-2021-20283

Description

Remediation

External links

Please verify you're human