Lucene search
GoogleOSV:GHSA-774Q-WFCP-VC2QHistoryMay 24, 2022 - 5:11 p.m.
Moodle Email media URL tokens were not checking for user status
2022-05-2417:11:48
Google
osv.dev
4
moodle
email
url
tokens
vulnerability
notifications
inline attachments
user status
account
active
files
file path
security
software
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user’s account was no longer active. Note: to access files, a user would need to know the file path, and their token.
Related
osv
osv
CVE-2019-14883
2020-03-18 13:15:12
cve
cve
CVE-2019-14883
2020-03-18 13:15:12
ubuntucve
ubuntucve
CVE-2019-14883
2020-03-18 00:00:00
cvelist
cvelist
CVE-2019-14883
2020-03-18 12:16:16
openvas
openvas
Moodle 3.6.x < 3.6.7, 3.7.x < 3.7.3 Multiple Vulnerabilities
2019-11-20 00:00:00
symantec
symantec
Moodle CVE-2019-14883 Remote Security Vulnerability
2019-11-18 00:00:00
github
github
Moodle Email media URL tokens were not checking for user status
2022-05-24 17:11:48
veracode
veracode
Information Disclosure
2020-01-08 05:20:29
prion
prion
Design/Logic Flaw
2020-03-18 13:15:00
nvd
nvd
CVE-2019-14883
2020-03-18 13:15:12