Lucene search
RedhatCVELIST:CVE-2021-20283HistoryMar 15, 2021 - 9:36 p.m.
CVE-2021-20283
2021-03-1521:36:11
CWE-863
redhat
www.cve.org
5
web service
moodle
unauthorized access
enrolled courses
permission validation
cve-2021-20283
The web service responsible for fetching other users’ enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
CNA Affected
[
{
"product": "moodle",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 3.10.2, 3.9.5, 3.8.8, 3.5.17"
}
]
}
]References
bugzilla.redhat.com/show_bug.cgi?id=1939051
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/
moodle.org/mod/forum/discuss.php?d=419654
Related
osv
osv
CVE-2021-20283
2021-03-15 22:15:13
Missing permission check in Moodle
2022-05-24 17:44:37
BIT-moodle-2021-20283
2024-03-06 11:10:44
veracode
veracode
Insecure Access Control
2021-03-17 04:59:58
prion
prion
Code injection
2021-03-15 22:15:00
ubuntucve
ubuntucve
CVE-2021-20283
2021-03-15 00:00:00
github
github
Missing permission check in Moodle
2022-05-24 17:44:37
cve
cve
CVE-2021-20283
2021-03-15 22:15:13
nvd
nvd
CVE-2021-20283
2021-03-15 22:15:13
openvas
openvas
Fedora: Security Advisory for moodle (FEDORA-2021-431b232659)
2021-03-24 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2021-50f63a0161)
2021-03-24 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2021-1c27e89d49)
2021-03-20 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: moodle-3.8.8-1.fc32
2021-03-23 01:12:58
[SECURITY] Fedora 33 Update: moodle-3.9.5-1.fc33
2021-03-23 01:34:46
[SECURITY] Fedora 34 Update: moodle-3.10.2-1.fc34
2021-03-19 20:34:49
nessus
nessus
Fedora 32 : moodle (2021-50f63a0161)
2021-03-23 00:00:00
Fedora 33 : moodle (2021-431b232659)
2021-03-23 00:00:00
Moodle 3.10.x < 3.10.2 Multiple Vulnerabilities
2023-02-20 00:00:00