CVE-2018-1082
HIGH
Moodle 3.3.0-3.3.4 and 3.4.0-3.4.1 - Improper Authentication
Title source: llm
Description
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using the OAuth2 authentication method was once confirmed but later suspended, the user could still log in to the site.
References (3)
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/103725
Vendor Advisory (x_refsource_confirm): https://moodle.org/mod/forum/discuss.php?d=367939
Scores
CVSS v3: 8.1
EPSS: 0.0153
EPSS Percentile: 81.5%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-287, CWE-285
Status: published
Products (2)
moodle/moodle 3.3 - 3.3.5 (Packagist)
moodle/moodle 3.3.0 - 3.3.4
Published: Apr 04, 2018
Tracked Since: Feb 18, 2026