← back
CVE-2019-3849

CVE-2019-3849

CVSS 6.3 MEDIUMEPSS 1.0%CWE-285
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Mar 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
[UNKNOWN] · moodle

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849https://moodle.org/mod/forum/discuss.php?d=384012#p1547744