vulnerability

Ubuntu: (CVE-2019-3847): moodle vulnerability

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Mar 27, 2019

Added

Jun 26, 2025

Modified

Jun 26, 2025

Description

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.

Solution

no-fix-ubuntu-package

References

CVE-2019-3847
https://attackerkb.com/topics/CVE-2019-3847
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63786
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847
https://moodle.org/mod/forum/discuss.php?d=384010#p1547742
https://www.cve.org/CVERecord?id=CVE-2019-3847

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report