Vulnerability Description
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course. This affects Moodle before 3.10.2, 3.9.5, 3.8.8, and 3.5.17.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 3.5.0, < 3.5.17 |
| Fedoraproject | Fedora | 32 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939051 (Issue Tracking, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://moodle.org/mod/forum/discuss.php?d=419654 (Patch, Vendor Advisory)
FAQ
What is CVE-2021-20283?
CVE-2021-20283 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in Moodle before 3.10.2, 3.9.5, ...
How severe is CVE-2021-20283?
CVE-2021-20283 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-20283?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle, Fedoraproject Fedora.