Candidate: CVE-2019-3849
PublicDate: 2019-03-26 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3849
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849
 https://moodle.org/mod/forum/discuss.php?d=384012#p1547744
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62702
Description:
 A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8.
 Users could assign themselves an escalated role within courses or content
 accessed via LTI, by modifying the request to the LTI publisher site.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_moodle:
upstream_moodle: needs-triage
precise/esm_moodle: DNE
trusty_moodle: not-affected (code not present)
trusty/esm_moodle: DNE (trusty was not-affected [code not present])
xenial_moodle: not-affected (code not present)
bionic_moodle: not-affected (code not present)
cosmic_moodle: not-affected (code not present)
devel_moodle: not-affected (code not present)