na/ moodle v3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versions - 5 CVEs

A session hijack risk was identified in the Shibboleth authentication plugin.

UNKNOWN Published Jan 21, 2022

It was possible for a student to view their quiz grade before it had been released, using a quiz web service.

UNKNOWN Published Jan 21, 2022

An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.

UNKNOWN Published Jan 21, 2022

Insufficient capability checks made it possible for teachers to download users outside of their courses.

UNKNOWN Published Jan 21, 2022

Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.

UNKNOWN Published Jan 21, 2022

Version 3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versions