Description

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Remediation

References

CVE-2021-20283

Related Vulnerabilities

WordPress Plugin WP Review Multiple Unspecified Vulnerabilities (2.0)

PHP NULL Pointer Dereference Vulnerability (CVE-2016-7132)

Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-29477)

Oracle JRE CVE-2019-2989 Vulnerability (CVE-2019-2989)

Zope Web Application Server Other Vulnerability (CVE-2010-3198)

Severity

Medium

Classification

CVE-2021-20283 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities