Bitnami package
moodle
pkg:bitnami/moodle
Vulnerabilities (225)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-25700 | Med | 6.5 | >= 3.5.0, < 3.5.15 | 3.5.15 | Nov 19, 2020 | In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10. | |
| CVE-2020-25699 | Hig | 7.5 | >= 3.5.0, < 3.5.15 | 3.5.15 | Nov 19, 2020 | In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed | |
| CVE-2020-25698 | Hig | 7.5 | >= 3.5.0, < 3.5.15 | 3.5.15 | Nov 19, 2020 | Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 an | |
| CVE-2020-10738 | Hig | 7.5 | >= 3.5.0, < 3.5.12 | 3.5.12 | May 21, 2020 | A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in orde | |
| CVE-2020-1692 | Hig | 8.1 | < 3.7.2 | 3.7.2 | Feb 17, 2020 | Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. |
- affected >= 3.5.0, < 3.5.15fixed 3.5.15
In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10.
- affected >= 3.5.0, < 3.5.15fixed 3.5.15
In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed
- affected >= 3.5.0, < 3.5.15fixed 3.5.15
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 an
- affected >= 3.5.0, < 3.5.12fixed 3.5.12
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in orde
- affected < 3.7.2fixed 3.7.2
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.
Page 12 of 12