CVE-2019-3808

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3808

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3808.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-3808

Aliases

GHSA-4r2p-wpv5-683w

Related

UBUNTU-CVE-2019-3808

Published

2019-03-25T18:29:00Z

Modified

2024-09-03T02:54:19.675169Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

46574904afd39578fa4146bf1fc5c401ac680aa6

Last affected

789dcd6975004dfaa2d4d3086267fb29cba84da8

Last affected

cb628a9a08933c2a9f1eae2f3be70ea5d343b419

Last affected

d09dc52b0a9e229b75d760368b225132841cbd42

Introduced

665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87

Last affected

d1e834866e37353bdd82bd8bb92fb26a39f39117

Affected versions

v3.*

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.6.0

v3.6.0-beta

v3.6.0-rc1

v3.6.0-rc2

v3.6.0-rc3