vulnerability
Moodle: (CVE-2019-3849): MSA-19-0006: Users could elevate their role when accessing the LTI tool on a provider site
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Mar 19, 2019 | Mar 19, 2019 | Jan 12, 2023 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Mar 19, 2019
Added
Mar 19, 2019
Modified
Jan 12, 2023
Description
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
Solution
moodle-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.