Moodle is vulnerable to privilege escalation. The vulnerability exists because Moodle does not prevent modification of the request to the LTI publisher site, allowing a user to assign an escalated role without authorization.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | moodle/moodle | le | 3.5.4 |
| | moodle/moodle | le | 3.4.7 |
| | moodle/moodle | le | 3.6.2 |
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849
github.com/moodle/moodle/compare/911f7488068a56b05b0ad87be8f9e132075ab0a6...427463a52574e4b3bcbe1c65c49066438770641e
github.com/moodle/moodle/compare/a37e26d2efe1ca0e4d8d69c611a748af35b33674...cd3060d941a051931eb2613b25bafb0108665895
github.com/moodle/moodle/compare/e836242e1c04cd62d0afa4a790074fd245628e7a...b77dcd23d8e39265b5c096f0d947764c02d832c8
moodle.org/mod/forum/discuss.php?d=384012#p1547744