2 matches found
Access Control Bypass
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to the improperly enforced context-based capability checks in the external cohort search. An attacker can access restricted administrative data by leveraging permissions in...
Unauthorized Data Access
moodle/moodle is vulnerable to Unauthorized Data Access. The vulnerability is due to lack of proper validation of user permissions before allowing access to cohort data, which allows an attacker to view cohort information they are not authorized to access...