CVE-2021-20283: Incorrect Authorization

March 15, 2021 (updated November 7, 2023)

The web service responsible for fetching other users’ enrolled courses does not validate that the requesting user had permission to view that information in each course in moodle

References

bugzilla.redhat.com/show_bug.cgi?id=1939051
moodle.org/mod/forum/discuss.php?d=419654
nvd.nist.gov/vuln/detail/CVE-2021-20283

Code Behaviors & Features

Detect and mitigate CVE-2021-20283 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →