Lucene search
Veracode Vulnerability DatabaseVERACODE:37347HistorySep 30, 2022 - 5:24 a.m.
Authentication Bypass
2022-09-3005:24:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
0.001 Low
EPSS
Percentile
22.9%
moodle/moodle is vulnerable to authentication bypass. The vulnerability exists in the user_login function of auth.php due to a type juggling, which allows an attacker to access restricted domains via the external database authentication.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | le | v3.11.2 | |
| moodle/moodle | le | v3.9.9 | |
| moodle/moodle | le | v3.10.6 | |
| moodle/moodle | le | v3.11.2 | |
| moodle/moodle | le | v3.9.9 | |
| moodle/moodle | le | v3.10.6 |
References
bugzilla.redhat.com/show_bug.cgi?id=2043417
github.com/advisories/GHSA-2jxg-mv2m-j4r7
github.com/moodle/moodle/commit/03093b42b84febcc9ec54f0990d2c26b57bc7ab7
github.com/moodle/moodle/commit/4ffc17be158e12a1e5bfd84b40bc5fa237cf8853
github.com/moodle/moodle/commit/8596b6a2991a22c87b12e46d79af301be7ab5717
github.com/moodle/moodle/commit/ed4389857d13a37f82d5079ce9f516f96ba0a6db
Related
cve
cve
CVE-2021-40693
2022-09-29 03:15:14
osv
osv
BIT-moodle-2021-40693
2024-03-06 11:07:21
Moodle type juggling vulnerability
2022-09-30 00:00:30
CVE-2021-40693
2022-09-29 03:15:14
redhatcve
redhatcve
CVE-2021-40693
2022-05-20 22:48:41
cvelist
cvelist
CVE-2021-40693
2022-01-21 18:17:47
ubuntucve
ubuntucve
CVE-2021-40693
2022-09-29 00:00:00
prion
prion
Authentication flaw
2022-09-29 03:15:00
nvd
nvd
CVE-2021-40693
2022-09-29 03:15:14
github
github
Moodle type juggling vulnerability
2022-09-30 00:00:30
nessus
nessus
Moodle 3.9.x < 3.9.10 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.10.x < 3.10.7 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.11.x < 3.11.3 Multiple Vulnerabilities
2023-02-20 00:00:00
openvas
openvas
Moodle Session Hijack Vulnerability (MSA-21-0032)
2023-08-16 00:00:00