CVE-2019-3852
MEDIUMmoodle < 3.6.3 - Incorrect Capability Check via Context Freezing Bypass
Title source: llmDescription
A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://moodle.org/mod/forum/discuss.php?d=384015#p1547748
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852
Scores
CVSS v3
4.3
EPSS
0.0013
EPSS Percentile
32.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
Status
published
Products (2)
moodle/moodle
< 3.6.3
moodle/moodle
3.6 - 3.6.3Packagist
Published
Mar 26, 2019
Tracked Since
Feb 18, 2026