Description
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Remediation
References
Related Vulnerabilities
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19594)
WordPress Plugin Easy Contact Form Solution Cross-Site Scripting (1.6)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-9585)
Ruby Improper Input Validation Vulnerability (CVE-2011-4815)
WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)