CVE-2019-14828
MEDIUMMoodle 3.5.0-3.5.7 - Improper Authorization in Course Creation
Title source: llmDescription
A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://moodle.org/mod/forum/discuss.php?d=391031
Scores
CVSS v3
4.3
EPSS
0.0012
EPSS Percentile
30.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-285
Status
published
Products (1)
moodle/moodle
3.5.0 - 3.5.7
Published
Mar 19, 2021
Tracked Since
Feb 18, 2026