CVE-2021-36397
Moodle has Incorrect Default Permissions in packagist/moodle/moodle
Identifiers
CVE-2021-36397, GHSA-2wmj-8mqg-r9q8
Package Slug
packagist/moodle/moodle
Vulnerability
Moodle has Incorrect Default Permissions
Description
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
Affected Versions
All versions before 3.9.8, all versions starting from 3.10.0 before 3.10.5, all versions starting from 3.11.0-beta before 3.11.1
Solution
Upgrade to versions 3.9.8, 3.10.5, 3.11.1 or above.
Last Modified
2023-03-08
| source |