moodle/moodle Security Advisories for v3.10.5 (42)
-
[MEDIUM] Cross-site Scripting in Moodle Chat
PKSA-dkf4-gr8b-q7z7 CVE-2024-28593 GHSA-f6mh-79vh-2hv7
Affected version: <=4.3.3
Reported by: GitHub
-
[HIGH] Uncontrolled Resource Consumption in moodle
PKSA-cnq3-npb7-81gr CVE-2024-25978 GHSA-487g-3m3v-hjhq
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
-
[MEDIUM] Improper Handling of Parameters in moodle
PKSA-8zq5-86tq-npgn CVE-2024-25979 GHSA-6vjf-48fh-vxxj
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
-
[MEDIUM] Improper Access Control in moodle
PKSA-q882-vvk2-55y5 CVE-2024-25980 GHSA-cp8m-h777-g4p3
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
-
[MEDIUM] Improper Access Control in moodle
PKSA-1rtr-36p9-m5t2 CVE-2024-25981 GHSA-jfrg-9hpq-9hvp
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
-
[MEDIUM] Cross-Site Request Forgery in moodle
PKSA-ywdp-r6kr-8xch CVE-2024-25982 GHSA-7pjp-fm93-p6pj
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
-
[LOW] Authorization Bypass in moodle
PKSA-yn3d-by8g-nzfj CVE-2024-25983 GHSA-9r26-5w88-qhp9
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
-
[MEDIUM] Moodle Improper Access Control vulnerability
PKSA-57rb-5xt6-dhwq CVE-2024-1439 GHSA-5p2x-8427-9fgp
Affected version: <=4.2.0
Reported by: GitHub
-
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-nw4f-rh34-rrdv CVE-2023-5544 GHSA-j5xf-gv89-g422
Affected version: <4.3.0-rc2
Reported by: GitHub
-
[LOW] Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
PKSA-qmp2-c2q6-ys9x CVE-2023-5545 GHSA-26fg-v32r-h663
Affected version: <4.3.0-rc2
Reported by: GitHub
-
[LOW] Moodle Cross-site Scripting vulnerability
PKSA-hc6s-n6ty-9y9s CVE-2023-5547 GHSA-9gqp-3g28-w9xc
Affected version: <4.3.0-rc2
Reported by: GitHub
-
[LOW] Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
PKSA-7z8c-xy4p-1ctc CVE-2023-5548 GHSA-cwh2-q44x-5w3c
Affected version: <4.3.0-rc2
Reported by: GitHub
-
[LOW] Moodle Improper Access Control vulnerability
PKSA-hfk2-p537-bfvp CVE-2023-5549 GHSA-fm5h-58g2-4m3f
Affected version: <4.3.0-rc2
Reported by: GitHub
-
[MEDIUM] Moodle Code Injection vulnerability
PKSA-4qqg-7p6g-qrrf CVE-2023-5550 GHSA-5cvx-cwpx-9rjh
Affected version: <3.9.24|>=3.10.0,<3.11.17|>=4.0.0,<4.0.11|>=4.1.0,<4.1.6|>=4.2.0,<4.2.3|>=4.3.0-beta,<4.3.0-rc2
Reported by: GitHub
-
[LOW] Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
PKSA-6cjp-j4yt-m8jy CVE-2023-5551 GHSA-jr83-8x65-xcr5
Affected version: <3.9.24|>=3.10.0,<3.11.17|>=4.0.0,<4.0.11|>=4.1.0,<4.1.6|>=4.2.0,<4.2.3|>=4.3.0-beta,<4.3.0-rc2
Reported by: GitHub
-
[MEDIUM] Moodle Code Injection vulnerability
PKSA-fmy8-x52s-r4tc CVE-2023-5539 GHSA-3xxm-3g3c-w579
Affected version: <4.3.0-rc2
Reported by: GitHub
-
[MEDIUM] Moodle Code Injection vulnerability
PKSA-9gb6-31c6-p6xb CVE-2023-5540 GHSA-w8x2-w4qr-v3x4
Affected version: <4.3.0-rc2
Reported by: GitHub
-
[LOW] Moodle Cross-site Scripting vulnerability
PKSA-71dn-fkh5-k7hn CVE-2023-5541 GHSA-28gc-4qq5-8q26
Affected version: <4.3.0-rc2
Reported by: GitHub
-
[LOW] Moodle Improper Access Control vulnerability
PKSA-d458-bwfk-smkv CVE-2023-5542 GHSA-8mm2-m2gp-c6x2
Affected version: <4.3.0-rc2
Reported by: GitHub
-
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-mc6m-hdgk-qpkp CVE-2023-5546 GHSA-9724-h8p7-r3jv
Affected version: <4.3.0-rc2
Reported by: GitHub
-
[MEDIUM] Moodle vulnerable to Cross-site Scripting
PKSA-1tyr-r2xr-8vx6 CVE-2023-35131 GHSA-fwfj-8p36-rc64
Affected version: <3.11.15|>=4.0.0,<4.0.9|>=4.1.0,<4.1.4|=4.2.0
Reported by: GitHub
-
[MEDIUM] Moodle vulnerable to SQL Injection
PKSA-dhd3-j88c-2sy9 CVE-2023-35132 GHSA-49mv-vfcp-8gg9
Affected version: <3.9.22|>=3.10.0,<3.11.15|>=4.0.0,<4.0.9|>=4.1.0,<4.1.4|=4.2.0
Reported by: GitHub
-
[HIGH] Moodle vulnerable to Server Side Request Forgery
PKSA-59yt-9rbk-gvyv CVE-2023-35133 GHSA-xxp4-mf4h-6cwm
Affected version: <3.9.22|>=3.10.0,<3.11.15|>=4.0.0,<4.0.9|>=4.1.0,<4.1.4|=4.2.0
Reported by: GitHub
-
[MEDIUM] Moodle External Control of File Name or Path vulnerability
PKSA-tkmd-sfy5-9ntm CVE-2023-30943 GHSA-22gj-8qj2-fj46
Affected version: <4.2.0-rc2
Reported by: GitHub
-
[HIGH] Moodle SQL Injection vulnerability
PKSA-vvyj-pzxn-byrt CVE-2023-30944 GHSA-7mmc-22g7-3xq2
Affected version: <4.2.0-rc2
Reported by: GitHub
-
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-j8km-3bqv-4yq3 CVE-2023-23921 GHSA-97qf-pq7x-964m
Affected version: >=4.1.0-beta,<4.1.1|>=4.0.0-beta,<4.0.6|>=3.10.0,<3.11.12|<3.9.19
Reported by: GitHub
-
[HIGH] Moodle Improper Access Control vulnerability
PKSA-9ggk-wqx1-s523 CVE-2023-23923 GHSA-32jc-9p58-p82x
Affected version: >=4.1.0-beta,<4.1.1|>=4.0.0-beta,<4.0.6|>=3.10.0,<3.11.12|<3.9.19
Reported by: GitHub
-
[HIGH] Moodle contains CSRF vulnerability
PKSA-wk49-jvzs-n8zp CVE-2021-43559 GHSA-3jrj-x6cj-97cp
Affected version: >=3.9,<=3.9.10|>=3.10,<=3.10.7|>=3.11,<=3.11.3
Reported by: GitHub
-
[MEDIUM] Moodle Vulnerable to Reflected Cross-site Scripting
PKSA-88nn-1j9c-7vz4 CVE-2021-20183 GHSA-xhfx-rm8q-c3xv
Affected version: >=3.10,<4.0.0-beta
Reported by: GitHub
-
[MEDIUM] Exposure of Sensitive Information in moodle
PKSA-yv8d-6896-kwd1 CVE-2022-30598 GHSA-fj6p-g234-rrv3
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
-
[CRITICAL] Incorrect Calculation in moodle
PKSA-6vy4-xp1h-g5xx CVE-2022-30600 GHSA-w37f-pvvx-wcwm
Affected version: >=3.11,<3.11.7|>=3.10,<3.10.11|>=3.9,<3.9.14|>=4.0,<4.0.1
Reported by: GitHub
-
[MEDIUM] Cross-site Scripting in moodle
PKSA-t41x-1pbm-pq6j CVE-2022-30596 GHSA-wvh5-78h5-gmgr
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
-
[MEDIUM] External Control of Assumed-Immutable Web Parameter in moodle
PKSA-8gg4-921q-8s9n CVE-2022-30597 GHSA-x6gm-qqwp-76gr
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
-
[CRITICAL] SQL injection in moodle
PKSA-kbfy-hrnp-4yty CVE-2022-30599 GHSA-69c3-5xxf-58q2
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
-
[MEDIUM] Improper Authentication in moodle
PKSA-pjh1-h464-6bwp CVE-2022-0985 GHSA-6q9g-3vfq-q2qj
Affected version: >=3.9,<3.9.13|>=3.10.0,<3.10.10|>=3.11.0,<3.11.6
Reported by: GitHub
-
[MEDIUM] Missing authorization in Moodle
PKSA-wnz7-3jhx-ydz3 CVE-2022-0984 GHSA-c5hf-mc85-2hx4
Affected version: <3.9.13|>=3.10.0,<3.10.10|>=3.11.0,<3.11.6
Reported by: GitHub
-
[HIGH] SQL Injection in Moodle
PKSA-3tp5-6sqk-x25n CVE-2022-0983 GHSA-h2fw-93qx-vrcq
Affected version: <3.9.13|>=3.10.0,<3.10.10|>=3.11.0,<3.11.6
Reported by: GitHub
-
[LOW] Insufficient user authorization in Moodle
PKSA-9zbz-v465-kgkg CVE-2022-0333 GHSA-m434-m5pv-p35w
Affected version: >=3.9,<3.9.11|>=3.10,<3.10.8|>=3.11,<3.11.5
Reported by: GitHub
-
[MEDIUM] Insufficient user authorization in Moodle
PKSA-bnvf-vkcb-sdkk CVE-2022-0334 GHSA-93pj-4p65-qmr9
Affected version: <3.9.11|>=3.10,<3.10.8|>=3.11,<3.11.5
Reported by: GitHub
-
[HIGH] Cross Site Request Forgery in Moodle
PKSA-5jbg-f5mn-rr6y CVE-2022-0335 GHSA-xpfv-89vg-r562
Affected version: >=3.9,<3.9.11|>=3.10,<3.10.8|>=3.11,<3.11.5
Reported by: GitHub
-
[CRITICAL] Moodle vulnerable to RCE via unsafe deserialization
PKSA-25fk-g12d-tpq4 CVE-2021-3943 GHSA-8jhp-2gcr-qw96
Affected version: >=3.9,<=3.9.10|>=3.10,<=3.10.7|>=3.11,<=3.11.3
Reported by: GitHub
-
[MEDIUM] Cross-site Scripting in moodle
PKSA-3z9j-mn6z-3fqz CVE-2021-43558 GHSA-wpfp-q843-v772
Affected version: >=3.9.0,<3.9.11|>=3.10.0,<3.10.8|>=3.11.0,<3.11.4
Reported by: GitHub