CVE-2019-14828

2021-03-1920:09:16

CWE-285

redhat

www.cve.org

moodle

vulnerability

versions 3.5-3.7.1

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role.

CNA Affected

[
  {
    "product": "Moodle",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions"
      }
    ]
  }
]

References

moodle.org/mod/forum/discuss.php?d=391031