First published: Wed Jun 26 2019(Updated: )
A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/moodle/moodle | >=3.6<3.6.4 | 3.6.4 |
Moodle | <3.6.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-10154 is considered a moderate severity vulnerability.
To fix CVE-2019-10154, upgrade Moodle to version 3.6.4 or later.
CVE-2019-10154 can be exploited to allow unauthorized access to users' private conversations.
Moodle versions prior to 3.7 and 3.6.4 are affected by CVE-2019-10154.
There is no official workaround for CVE-2019-10154; upgrading is the recommended approach.