2 matches found
Moodle Users could elevate their role when accessing the LTI tool on a provider site
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site...
Privilege Escalation
Moodle is vulnerable to privilege escalation. The vulnerability exists because it does not prevent modification of the request to the LTI publisher site, allowing a user to assign an escalated role without authorization...