GHSA-g9m2-c2x5-fr2v
GitHub Security Advisory
Moodle does not revoke role capabilities correctly
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).
Affected Packages
Packagist: moodle/moodle, affected versions: 3.7.0 (fixed in 3.7.3)
Packagist: moodle/moodle, affected versions: 3.6.0 (fixed in 3.6.7)
Packagist: moodle/moodle, affected versions: 3.5.0 (fixed in 3.5.9)
Related CVEs
Key Information
5.0/10
Dataset
Last updated: September 15, 2025 6:32 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.