Security Vulnerabilities - CVEs Published In May 2024
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-05-31
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-05-31
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-05-31
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
CVSS Score
6.5
EPSS Score
0.007
Published
2024-05-31
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.
CVSS Score
4.3
EPSS Score
0.005
Published
2024-05-31
The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-05-31
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-05-31
Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-05-31
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.
CVSS Score
8.1
EPSS Score
0.009
Published
2024-05-31
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-05-31
Page 1