Home > Vulnerability Database > CVE-2021-20283

Mend.io Vulnerability Database

CVE-2021-20283

Date: March 15, 2021

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Language: PHP

Severity Score

4.3

Related Resources (9)

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-20283

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1939051

Url: https://moodle.org/mod/forum/discuss.php?d=419654

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/

Url: https://github.com/moodle/moodle

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS

Url: https://www.mend.io/vulnerability-database/CVE-2021-20283

Severity Score

4.3

Weakness Type (CWE)

Missing Authorization

CWE-862

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-20283

Date: March 15, 2021

Language: PHP

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?