6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
37.2%
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | lt | 3.6.3 | |
moodle/moodle | lt | 3.5.5 | |
moodle/moodle | lt | 3.4.8 |
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849
github.com/advisories/GHSA-5wg9-5w3f-hxmh
github.com/moodle/moodle/commit/427463a52574e4b3bcbe1c65c49066438770641e
github.com/moodle/moodle/commit/430f685834cef190bdf58afabe79e765d596890d
github.com/moodle/moodle/commit/723d1a747555b795ed53a0fad01da455797bb78f
github.com/moodle/moodle/commit/898d5d05a0c3ae6795db0241bf3cb5951213d45c
github.com/moodle/moodle/commit/b77dcd23d8e39265b5c096f0d947764c02d832c8
github.com/moodle/moodle/commit/cd3060d941a051931eb2613b25bafb0108665895
github.com/moodle/moodle/commit/fba7dcd90abd45210d782a79c6e25bb3840c7438
moodle.org/mod/forum/discuss.php?d=384012#p1547744
nvd.nist.gov/vuln/detail/CVE-2019-3849
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
37.2%