moodle/moodle is vulnerable to authentication bypass. The vulnerability exists in the user_login function of auth.php due to type juggling, which allows an attacker to access restricted domains via the external database authentication.
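The class of comparison that type juggling refers to, shown beside a strict check, as an added PHP example (not Moodle's code and not taken from the linked commits). The function names and all sample values are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: hypothetical helpers, not Moodle's auth.php.

// Vulnerable pattern: when both operands are numeric-looking strings,
// == converts them to numbers before comparing them.
function loose_match(string $stored, string $computed): bool
{
    return $stored == $computed;
}

// Hardened pattern: byte-for-byte, timing-safe string comparison with
// no type conversion.
function strict_match(string $stored, string $computed): bool
{
    return hash_equals($stored, $computed);
}

// Audit helper: a stored credential that PHP treats as numeric is one
// that a loose comparison can match against a different string.
function at_risk(string $stored): bool
{
    return is_numeric($stored);
}

// Constructed sample values (not real digests of any password).
$samples = [
    // Scientific notation: both strings evaluate to zero as floats.
    ['0e111111111111111111111111111111', '0e999999999999999999999999999999'],
    // Plaintext-style values that are numerically equal but textually different.
    ['1e3', '1000'],
    // Non-numeric hex strings: loose and strict comparison agree.
    ['c0ffee00c0ffee00c0ffee00c0ffee00', 'c0ffee00c0ffee00c0ffee00c0ffee00'],
    ['c0ffee00c0ffee00c0ffee00c0ffee00', 'deadbeefdeadbeefdeadbeefdeadbeef'],
];

foreach ($samples as [$stored, $computed]) {
    printf(
        "%s vs %s: loose=%s strict=%s at_risk=%s\n",
        $stored,
        $computed,
        var_export(loose_match($stored, $computed), true),
        var_export(strict_match($stored, $computed), true),
        var_export(at_risk($stored), true)
    );
}
```

Rows where the loose and strict results differ are the cases a comparison with == would accept incorrectly; at_risk can be run over stored values in an external credential table to find entries exposed to that behaviour.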
CPE Name | Operator | Version |
---|---|---|
moodle/moodle | le | v3.11.2 |
moodle/moodle | le | v3.9.9 |
moodle/moodle | le | v3.10.6 |
bugzilla.redhat.com/show_bug.cgi?id=2043417
github.com/advisories/GHSA-2jxg-mv2m-j4r7
github.com/moodle/moodle/commit/03093b42b84febcc9ec54f0990d2c26b57bc7ab7
github.com/moodle/moodle/commit/4ffc17be158e12a1e5bfd84b40bc5fa237cf8853
github.com/moodle/moodle/commit/8596b6a2991a22c87b12e46d79af301be7ab5717
github.com/moodle/moodle/commit/ed4389857d13a37f82d5079ce9f516f96ba0a6db