moodle/moodle is vulnerable to authorization bypass. A teacher is able to un-enrol users without permission using course restore.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | v3.9.2 | |
moodle/moodle | le | v3.10.0-rc2 | |
moodle/moodle | le | v3.5.14 | |
moodle/moodle | le | v3.8.5 | |
moodle/moodle | le | v3.7.8 |
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67837
bugzilla.redhat.com/show_bug.cgi?id=1895419
lists.fedoraproject.org/archives/list/[email protected]/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/
lists.fedoraproject.org/archives/list/[email protected]/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
moodle.org/mod/forum/discuss.php?d=413935