moodle/moodle is vulnerable to information disclosure attacks. The vulnerability exists as permissions were not checked in the calendar’s edit event modal popup, allowing information disclosure attacks.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | 3.5.4 | |
moodle/moodle | le | 3.4.7 | |
moodle/moodle | le | 3.6.2 | |
moodle/moodle | le | 3.5.4 | |
moodle/moodle | le | 3.4.7 | |
moodle/moodle | le | 3.6.2 |
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848
github.com/moodle/moodle/commit/2cebb87682780eb9fccf16a6859c6b622da08bba
github.com/moodle/moodle/commit/5226cc8a507d18682b52298fbd02e9e462bf5ed9
github.com/moodle/moodle/commit/816e6abb1b0a69f9e105e36c778b768d47ad5168
moodle.org/mod/forum/discuss.php?d=384011#p1547743