First published: Tue Jan 07 2020
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/moodle/moodle | >=3.5.0 <3.5.9 | 3.5.9 |
composer/moodle/moodle | >=3.6.0 <3.6.7 | 3.6.7 |
composer/moodle/moodle | >=3.7.0 <3.7.3 | 3.7.3 |
Moodle Moodle | >=3.5.0 <=3.5.8 | |
Moodle Moodle | >=3.6.0 <=3.6.6 | |
Moodle Moodle | >=3.7.0 <=3.7.2 | |
The vulnerability ID for this Moodle vulnerability is CVE-2019-14879.
Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7, and 3.5.x before 3.5.9 are affected by this vulnerability.
The severity rating of CVE-2019-14879 is medium, with a score of 5.4.
To fix the vulnerability in Moodle, update to version 3.7.3, 3.6.7, or 3.5.9, depending on the version you are currently using.
You can find more information about CVE-2019-14879 on the NIST NVD, Red Hat Bugzilla, and Moodle GitHub pages.