Unauthorized Deletion Vulnerability in Moodle by Moodle.org
CVE-2019-10187

4MEDIUM

Key Information:

Vendor

The Moodle Project

Status
Moodle
Vendor
CVE Published:
31 July 2019

What is CVE-2019-10187?

An improper access control vulnerability exists in Moodle that permits users with permission to delete glossary entries to also delete entries from other glossaries they do not have direct permission to access. This flaw impacts various versions of Moodle and can lead to unintentional data loss or exposure, stressing the importance of keeping software up to date and implementing proper permissions.

Affected Version(s)

moodle 3.7.1

moodle 3.6.5

moodle 3.5.7

References

http://www.securityfocus.com/bid/109174
vdb-entryx_refsource_BID
https://moodle.org/mod/forum/discuss.php?d=388568#p1566330
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187
x_refsource_CONFIRM

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.