-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper group membership validation in quiz override handling. Based on: 1) The CWE-284 classification (Improper Access Control) 2) Moodle's security advisory mentioning group override permissions 3) Typical override implementation patterns in Moodle modules. The core issue would exist in functions responsible for rendering/saving override data without checking if the user has group membership or accessallgroups capability. The override form (override_form.php) and processing logic (override.php) are the most likely locations for missing group validation checks.
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 3.5.7 | 3.5.7 |
| moodle/moodle | composer | >= 3.6.0, < 3.6.5 | 3.6.5 |
| moodle/moodle | composer |
| >= 3.7.0, < 3.7.1 |
| 3.7.1 |
Ongoing coverage of React2Shell