CVE-2019-14829
First published: Fri Mar 19 2021(Updated: )
A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle | >=3.5.0<=3.5.7 | |
| Moodle | >=3.6.0<=3.6.5 | |
| Moodle | >=3.7.0<=3.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-14829?
CVE-2019-14829 has a severity rating of Medium due to its impact on activity creation capabilities in Moodle.
How do I fix CVE-2019-14829?
To fix CVE-2019-14829, update Moodle to the latest version that addresses this vulnerability.
Which versions of Moodle are affected by CVE-2019-14829?
CVE-2019-14829 affects Moodle versions 3.5 to 3.5.7, 3.6 to 3.6.5, and 3.7 to 3.7.1.
Can CVE-2019-14829 allow unauthorized access to course activities?
Yes, CVE-2019-14829 can potentially allow unauthorized users to create activities due to misconfiguration.
Is there a patch available for CVE-2019-14829?
Yes, a patch for CVE-2019-14829 is included in the recent Moodle releases that resolve this vulnerability.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/moodle
- canonical/moodle
- version/moodle/3.5.0
- version/moodle/3.5.7
- version/moodle/3.6.0
- version/moodle/3.6.5
- version/moodle/3.7.0
- version/moodle/3.7.1