CVE-2019-14879

Medium

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment…

redhat·CWE-264·Published 2020-01-07

CVSS

5.4

EPSS

0.01

KEV

Exploits

cve.orgen

221 chars

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).

NVDen

221 chars

OSV.deven

221 chars

GHSAen

221 chars

NVDes

304 chars

Se detectó una vulnerabilidad en las versiones de Moodle 3.7.x en versiones anteriores a la 3.7.3, 3.6.x en versiones anteriores a la 3.6.7 y 3.5.x en versiones anteriores a la 3.5.9. Cuando se eliminaba una asignación de funciones de cohorte, no se revocaban las capacidades asociadas (cuando procedía).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.5	8.0	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N
3.0	Primary	cve.org	4.2	—	—	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
3.0	Primary	cve.org	4.2	—	—	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
3.0	Secondary	NVD	4.2	1.6	2.5	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
3.1	Primary	NVD	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.1	Secondary	GHSA	5.4	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N