Moodle is prone to an unauthorized-access vulnerability.
Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions. This may aid in further attacks.
Moodle 3.1 through 3.1.9, 3.2 through 3.2.6, 3.3 through 3.3.3, and 3.4 are vulnerable.
Information
Moodle Moodle 3.3.1
Moodle Moodle 3.2.6
Moodle Moodle 3.2.4
Moodle Moodle 3.1.9
Moodle Moodle 3.1.7
Moodle Moodle 3.1.4
Moodle Moodle 3.1.3
Moodle Moodle 3.1.2
Moodle Moodle 3.1.1
Moodle Moodle 3.4
Moodle Moodle 3.3.2
Moodle Moodle 3.3
Moodle Moodle 3.2.5
Moodle Moodle 3.2.3
Moodle Moodle 3.2.2
Moodle Moodle 3.2.1
Moodle Moodle 3.2
Moodle Moodle 3.1.8
Moodle Moodle 3.1.6
Moodle Moodle 3.1.5
Moodle Moodle 3.1
Moodle Moodle 3.2.7
Moodle Moodle 3.1.10
Moodle Moodle 3.4.1
Exploit
An attacker can exploit this issue using a web browser.
References:
- Moodle Homepage (Moodle)
- MSA-18-0003: Privilege escalation in quiz web services (Moodle)