CVE-2019-3849: Improper Authorization

March 26, 2019 (updated October 9, 2019)

Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849
moodle.org/mod/forum/discuss.php?d=384012
nvd.nist.gov/vuln/detail/CVE-2019-3849

Code Behaviors & Features

Detect and mitigate CVE-2019-3849 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →