CVE-2019-3808

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-3808
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3808.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-3808
Aliases
Downstream
Published
2019-03-25T18:29:00.667Z
Modified
2026-03-20T11:30:40.097894Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
268abfacc54c4cbf9722c1502569b311c7caefff
Last affected
da70ec0cca362afc183ee4c3d00f08f4e99116ec
Introduced
665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87
Last affected
d1e834866e37353bdd82bd8bb92fb26a39f39117
Introduced
46574904afd39578fa4146bf1fc5c401ac680aa6
Last affected
789dcd6975004dfaa2d4d3086267fb29cba84da8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cb628a9a08933c2a9f1eae2f3be70ea5d343b419
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d09dc52b0a9e229b75d760368b225132841cbd42
Database specific 
{
    "versions": [
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.1.15"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "last_affected": "3.4.6"
        },
        {
            "introduced": "3.5.0"
        },
        {
            "last_affected": "3.5.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.1"
        }
    ]
}

Affected versions

v3.*
v3.1.0
v3.1.1
v3.1.10
v3.1.11
v3.1.12
v3.1.13
v3.1.14
v3.1.15
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.0
v3.2.0-beta
v3.2.0-rc1
v3.2.0-rc2
v3.2.0-rc3
v3.2.0-rc4
v3.2.0-rc5
v3.3.0
v3.3.0-beta
v3.3.0-rc1
v3.3.0-rc2
v3.3.0-rc3
v3.4.0
v3.4.0-beta
v3.4.0-rc1
v3.4.0-rc2
v3.4.0-rc3
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.5.0
v3.5.0-beta
v3.5.0-rc1
v3.5.1
v3.5.2
v3.5.3
v3.6.0
v3.6.0-beta
v3.6.0-rc1
v3.6.0-rc2
v3.6.0-rc3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3808.json"