Moodle: (CVE-2019-3847): MSA-19-0004: "Log in as" functionality exposed to JavaScript risk on other users' Dashboards
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Mar 19, 2019 | Mar 19, 2019 | Jan 12, 2023 |
Description
A vulnerability was found in Moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but JavaScript that those users may have added to their own Dashboard was not escaped when the Dashboard was viewed by the user logged in on their behalf.
Solution
moodle-upgrade-latest