Moodle: Security Vulnerabilities
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
CVSS Score
4.3
EPSS Score
0.005
Published
2022-09-30
A session hijack risk was identified in the Shibboleth authentication plugin.
CVSS Score
4.3
EPSS Score
0.007
Published
2022-09-29
Insufficient capability checks made it possible for teachers to download users outside of their courses.
CVSS Score
4.3
EPSS Score
0.006
Published
2022-09-29
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
CVSS Score
6.5
EPSS Score
0.008
Published
2022-09-29
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.
CVSS Score
4.9
EPSS Score
0.009
Published
2022-09-29
It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
CVSS Score
4.3
EPSS Score
0.009
Published
2022-09-29
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.
CVSS Score
5.4
EPSS Score
0.008
Published
2022-09-13
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-08-16
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVSS Score
8.8
EPSS Score
0.164
Published
2022-08-16
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-08-16