User Account Vulnerability in Moodle by Moodle HQ
CVE-2018-1082

8.1HIGH

Key Information:

Vendor: Red Hat
Status: Moodle
Vendor: CVE Published:; 4 April 2018

What is CVE-2018-1082?

A vulnerability exists in Moodle versions 3.4 to 3.4.1 and 3.3 to 3.3.4 that allows users to bypass account suspension if they were previously confirmed using the OAuth2 authentication method. This flaw enables users with suspended accounts to log in to the site, posing significant risks to user security and data integrity. Administrators are urged to apply appropriate security measures to safeguard against unauthorized access.

Affected Version(s)

Moodle 3.4 to 3.4.1, 3.3 to 3.3.4

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103725

vdb-entryx_refsource_BID

https://moodle.org/mod/forum/discuss.php?d=367939

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2018
Vulnerability Reserved
Dec 4, 2017

Red Hat

What is CVE-2018-1082?

Affected Version(s)

References

CVSS V3.1

Timeline