vulnerability
Ubuntu: (CVE-2019-3847): moodle vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Mar 27, 2019 | Jun 26, 2025 | Jun 26, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Mar 27, 2019
Added
Jun 26, 2025
Modified
Jun 26, 2025
Description
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.
Solution
no-fix-ubuntu-package
References
- CVE-2019-3847
- https://attackerkb.com/topics/CVE-2019-3847
- URL-http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63786
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847
- URL-https://moodle.org/mod/forum/discuss.php?d=384010#p1547742
- URL-https://www.cve.org/CVERecord?id=CVE-2019-3847
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.