Bitnami package
moodle
pkg:bitnami/moodle
Vulnerabilities (224)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-25698 | — | | | >= 3.5.0, < 3.5.15 | 3.5.15 | Nov 19, 2020 | Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 an |
| CVE-2020-25699 | — | | | >= 3.5.0, < 3.5.15 | 3.5.15 | Nov 19, 2020 | In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed |
| CVE-2020-10738 | — | | | >= 3.5.0, < 3.5.12 | 3.5.12 | May 21, 2020 | A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in orde |
| CVE-2020-1692 | — | | | < 3.7.2 | 3.7.2 | Feb 17, 2020 | Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. |