CVE-2018-1082

8.1HIGH

Key Information:

Vendor: Red Hat
Status: Moodle
Vendor: CVE Published:; 4 April 2018

Summary

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.

Affected Version(s)

Moodle 3.4 to 3.4.1, 3.3 to 3.3.4

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103725

vdb-entryx_refsource_BID

https://moodle.org/mod/forum/discuss.php?d=367939

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 4, 2018
Vulnerability Reserved
Dec 4, 2017