Lucene search
Veracode Vulnerability DatabaseVERACODE:13555HistoryMar 27, 2019 - 7:42 a.m.
Privilege Escalation
2019-03-2707:42:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
37.2%
Moodle is vulnerable to privilege escalation. The vulnerability exists because it does not prevent modification of the request to the LTI publisher site, allowing a user to assign an escalated role without authorization.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | le | 3.5.4 | |
| moodle/moodle | le | 3.4.7 | |
| moodle/moodle | le | 3.6.2 |
References
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849
github.com/moodle/moodle/compare/911f7488068a56b05b0ad87be8f9e132075ab0a6...427463a52574e4b3bcbe1c65c49066438770641e
github.com/moodle/moodle/compare/a37e26d2efe1ca0e4d8d69c611a748af35b33674...cd3060d941a051931eb2613b25bafb0108665895
github.com/moodle/moodle/compare/e836242e1c04cd62d0afa4a790074fd245628e7a...b77dcd23d8e39265b5c096f0d947764c02d832c8
moodle.org/mod/forum/discuss.php?d=384012#p1547744
Related
nvd
nvd
CVE-2019-3849
2019-03-26 18:29:00
prion
prion
Design/Logic Flaw
2019-03-26 18:29:00
github
github
ubuntucve
ubuntucve
CVE-2019-3849
2019-03-26 00:00:00
redhatcve
redhatcve
CVE-2019-3849
2022-05-20 23:59:07
cvelist
cvelist
CVE-2019-3849
2019-03-26 17:46:47
cve
cve
CVE-2019-3849
2019-03-26 18:29:00
osv
osv
Moodle Users could elevate their role when accessing the LTI tool on a provider site
2022-05-13 01:14:32
CVE-2019-3849
2019-03-26 18:29:00
openvas
openvas