Description
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).
Remediation
References
Related Vulnerabilities
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.2.12)
WordPress Plugin WPML Translation Management PHP Object Injection (2.4.1)
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-0272)
Java Unspesificed Vulnerability (CVE-2018-3157)
Apache HTTP Server Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-0220)