Information Disclosure in Moodle Affects Users Enrolled in Shared Courses
CVE-2020-1692

8.1HIGH

Key Information:

Vendor: The Moodle Project
Status: Moodle
Vendor: CVE Published:; 17 February 2020

🔔 Create The Moodle Project Vulnerability Alert

What is CVE-2020-1692?

Moodle, a popular open-source learning platform, suffers from a vulnerability wherein users enrolled in the same course could have their service tokens exposed. This information disclosure flaw could allow an attacker to access sensitive user information or impersonate users, potentially leading to unauthorized actions within the platform. It is crucial for administrators to update to version 3.7.2 or later to mitigate this issue and enhance the security of sensitive user data.

Affected Version(s)

moodle before 3.7.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2020
Vulnerability Reserved
Nov 27, 2019