Description

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Remediation

References

CVE-2021-20283

Related Vulnerabilities

WordPress Plugin WooCommerce Catalog Enquiry Arbitrary File Upload (3.0.0)

Seo Panel Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-22643)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-31550)

MySQL CVE-2021-2193 Vulnerability (CVE-2021-2193)

MySQL CVE-2015-2643 Vulnerability (CVE-2015-2643)

Severity

Medium

Classification

CVE-2021-20283 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities