CVE-2021-32477
MEDIUM
Moodle 3.10-3.10.3 - Missing Authorization for Mobile App Last Access Time
Title source: llm
Description
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://moodle.org/mod/forum/discuss.php?d=422313
Scores
CVSS v3
4.3
EPSS
0.0021
EPSS Percentile
42.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-862
CWE-200
Status
published
Products (2)
moodle/moodle
3.10 - 3.10.4
Packagist
moodle/moodle
3.10.0 - 3.10.4
Published
Mar 11, 2022
Tracked Since
Feb 18, 2026