5 matches found
Incorrect Authorization
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization via incomplete role checks in the badge awarding. An attacker can gain unauthorized access to badges and potentially escalate privileges by exploiting insufficient verificati...
Incorrect Authorization
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to the insufficient enrolment validation in quiz notifications. An attacker can obtain limited course information by receiving quiz-related messages intended for active...
Access Control Bypass
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to the improperly enforced context-based capability checks in the external cohort search. An attacker can access restricted administrative data by leveraging permissions in...
Exposure of Information Through Directory Listing
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing due to the improper error handling. An attacker can gain unauthorized access to internal directory structures by sending crafted HTTP with absent...
DSA-2338-1 moodle - several
Bulletin has no description...