Vulnerability Details CVE-2018-1082
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.7%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101
- http://www.securityfocus.com/bid/103725
- https://moodle.org/mod/forum/discuss.php?d=367939
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101
- http://www.securityfocus.com/bid/103725
- https://moodle.org/mod/forum/discuss.php?d=367939
Products affected by CVE-2018-1082
-
cpe:2.3:a:moodle:moodle:3.3.0
-
cpe:2.3:a:moodle:moodle:3.3.1
-
cpe:2.3:a:moodle:moodle:3.3.2
-
cpe:2.3:a:moodle:moodle:3.3.3
-
cpe:2.3:a:moodle:moodle:3.3.4
-
cpe:2.3:a:moodle:moodle:3.4.0
-
cpe:2.3:a:moodle:moodle:3.4.1