vulnerability
Moodle: Incorrect Authorization (CVE-2021-20281)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 2021-03-15 | 2021-03-30 | 2023-11-08 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
2021-03-15
Added
2021-03-30
Modified
2023-11-08
Description
It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Solution(s)
moodle-upgrade-3_10_2moodle-upgrade-3_5_17moodle-upgrade-3_8_8moodle-upgrade-3_9_5
References
- CVE-2021-20281
- https://attackerkb.com/topics/CVE-2021-20281
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1939041
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/
- URL-https://moodle.org/mod/forum/discuss.php?d=419652
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.