Moodle is vulnerable to authentication bypass. The vulnerability exists because removing a cohort role assignment does not properly revoke the associated capabilities.
CPE / Name | Operator | Version |
---|---|---|
moodle/moodle | le | 3.7.2 |
moodle/moodle | le | 3.6.6 |
moodle/moodle | le | 3.5.8 |
git.moodle.org/gw?p=moodle.git;a=blobdiff;f=admin/tool/cohortroles/classes/api.php;h=e94710feb10940bc9395e71036085867bf7a071c;hp=b3f0e541e0538cca48d154acab6f3df1b7554ae3;hb=7b5f4a62c18fd5bad6956828aade23e1f15b4be3;hpb=830eab425cdfa6511d7dff25b994c28d544ba8ea
bugzilla.redhat.com/show_bug.cgi?id=1788383
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14879
github.com/moodle/moodle/commit/7b5f4a62c18fd5bad6956828aade23e1f15b4be3#diff-0c36149163cf50f3f79ee0e4318aa50a