-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 4.3.0, < 4.3.3 | 4.3.3 |
| moodle/moodle | composer | >= 4.2.0, < 4.2.6 | 4.2.6 |
| moodle/moodle | composer | < 4.1.9 | 4.1.9 |
PHPPHPMiggo AIRoot Cause AnalysisThe vulnerability stemmed from three key issues: 1) The user search functions (core_enrol_external::search_users and course_enrolment_manager::search_users) used course-level group context instead of activity-specific context, 2) The discussion vault didn't filter by user's allowed groups, and 3) The export form didn't propagate activity context properly. The patch adds contextID parameters, switches to activity-specific group mode checks, and implements proper group filtering in discussion retrieval. These functions were directly modified in the security fix commit to add group mode enforcement at the activity level.
Ongoing coverage of React2Shell