Moodle is vulnerable to improper authentication. The vulnerability exists in the `logout_db_session` function in `helper.php`, where a session hijack risk was identified in the Shibboleth authentication plugin: sessions weren't killed after the user logged out.

CPE Name | Operator | Version |
---|---|---|
moodle/moodle | le | v3.11.2 |
moodle/moodle | le | v3.9.9 |
moodle/moodle | le | v3.10.6 |