User Role Assignment Vulnerability in Moodle Versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7, and Earlier Unsupported Versions

User Role Assignment Vulnerability in Moodle Versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7, and Earlier Unsupported Versions

CVE-2019-14828 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role.

Learn more about our User Device Pen Test.