CVE-2019-14879: Improper Check for Dropped Privileges

May 24, 2022 (updated August 1, 2023)

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14879
github.com/advisories/GHSA-g9m2-c2x5-fr2v
github.com/moodle/moodle/commit/7b5f4a62c18fd5bad6956828aade23e1f15b4be3
nvd.nist.gov/vuln/detail/CVE-2019-14879

Code Behaviors & Features

Detect and mitigate CVE-2019-14879 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →