Description

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.

Remediation

References

CVE-2019-10187

Related Vulnerabilities

MySQL CVE-2019-2974 Vulnerability (CVE-2019-2974)

WordPress Plugin YITH WooCommerce Wishlist Unspecified Vulnerability (2.0.6)

Oracle JRE CVE-2013-5801 Vulnerability (CVE-2013-5801)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4522)

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7951)

Severity

Medium

Classification

CVE-2019-10187 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities