VYPR

Bitnami package

moodle

pkg:bitnami/moodle

Vulnerabilities (225)

  • CVE-2020-25700MedNov 19, 2020
    affected >= 3.5.0, < 3.5.15fixed 3.5.15

    In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10.

  • CVE-2020-25699HigNov 19, 2020
    affected >= 3.5.0, < 3.5.15fixed 3.5.15

    In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed

  • CVE-2020-25698HigNov 19, 2020
    affected >= 3.5.0, < 3.5.15fixed 3.5.15

    Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 an

  • CVE-2020-10738HigMay 21, 2020
    affected >= 3.5.0, < 3.5.12fixed 3.5.12

    A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in orde

  • CVE-2020-1692HigFeb 17, 2020
    affected < 3.7.2fixed 3.7.2

    Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.

Page 12 of 12