Summary
New vulnerabilities have been detected in Moodle, a well-known open source platform typically used to deliver e-learning courses; 3 of them are rated “high” severity.
Risk
Estimated impact of the vulnerability on the reference community: Medium (63.46)
Type
- Denial of Service
- Information Disclosure
- Security Restrictions Bypass
Affected products and versions
Moodle, versions:
- 4.5.x, versions prior to 4.5.1
- 4.4.x, versions prior to 4.4.5
- 4.3.x, versions prior to 4.3.9
- 4.1.x, versions prior to 4.1.15
- all versions no longer supported
Mitigation actions
In line with the vendor’s statements, it is recommended to apply the available mitigations by following the guidance in the security bulletins listed in the References section.
Unique vulnerability identifiers
CVE-ID
References
- https://moodle.org/mod/forum/discuss.php?d=464559&parent=1864997
- https://moodle.org/mod/forum/discuss.php?d=464558&parent=1864996
- https://moodle.org/mod/forum/discuss.php?d=464554&parent=1864992
- https://moodle.org/security/
1 This estimate takes into account several parameters, including CVSS, the availability of patches/workarounds and PoCs, and the prevalence of the affected software/devices in the reference community.