Moodle default permissions too permissive
Moderate severity
GitHub Reviewed
Published
Apr 23, 2022
to the GitHub Advisory Database
•
Updated Dec 29, 2023
Package
Affected versions
>= 2.2, <= 2.2.1
>= 2.1, <= 2.1.4
>= 2.0, <= 2.0.7
< 1.9.17
Patched versions
2.2.2
2.1.5
2.0.8
1.9.17
Description
Published by the National Vulnerability Database
Nov 14, 2019
Published to the GitHub Advisory Database
Apr 23, 2022
Reviewed
Dec 29, 2023
Last updated
Dec 29, 2023
Moodle before 2.2.2 default settings allowed all repositories to be viewable by all authenticated users.
References