First published: Fri May 25 2018(Updated: )
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | >=3.1.0<=3.1.11 | |
Moodle Moodle | >=3.2.0<=3.2.8 | |
Moodle Moodle | >=3.3.0<=3.3.5 | |
Moodle Moodle | >=3.4.0<=3.4.2 | |
composer/moodle/moodle | >=3.4<3.4.3 | 3.4.3 |
composer/moodle/moodle | >=3.3<3.3.6 | 3.3.6 |
composer/moodle/moodle | >=3.2<3.2.9 | 3.2.9 |
composer/moodle/moodle | >=3.1<3.1.12 | 3.1.12 |
>=3.1.0<=3.1.11 | ||
>=3.2.0<=3.2.8 | ||
>=3.3.0<=3.3.5 | ||
>=3.4.0<=3.4.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.