Vulnerability Description
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 3.1.0, <= 3.1.15 |
Related Weaknesses (CWE)
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395 (Patch, Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808 (Issue Tracking, Patch, Third Party Advisory)
- https://moodle.org/mod/forum/discuss.php?d=381228#p1536765 (Patch, Vendor Advisory)
FAQ
What is CVE-2019-3808?
CVE-2019-3808 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned t...
How severe is CVE-2019-3808?
CVE-2019-3808 has been rated MEDIUM, with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-3808?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.