Description

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Remediation

References

CVE-2021-20283

Related Vulnerabilities

WordPress Plugin Autoptimize Cross-Site Scripting (3.1.0)

XWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-29208)

Drupal Improper Input Validation Vulnerability (CVE-2022-25273)

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3714)

WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)

Severity

Medium

Classification

CVE-2021-20283 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities