CVE-2021-20283
MEDIUM 4.3, EPSS 0.15%
Missing permission check in Moodle
Published: 2022/5/24, Modified: 2025/4/3
Description
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in Moodle before 3.10.2, 3.9.5, 3.8.8 and 3.5.17.
Affected packages (2)
- Bitnami/moodle: >= 3.5.0, < 3.5.17; >= 3.8.0, < 3.8.8; >= 3.9.0, < 3.9.5; >= 3.10.0, < 3.10.2
- Packagist/moodle/moodle: >= 3.10.0, < 3.10.2
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (8)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-20283
- PATCH https://github.com/moodle/moodle
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1939051
- WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/
- WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/
- WEB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS
- WEB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT
- WEB https://moodle.org/mod/forum/discuss.php?d=419654