Self-Assignment of Escalated Roles in Moodle LTI Integration

Self-Assignment of Escalated Roles in Moodle LTI Integration

CVE-2019-3849 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.

Learn more about our User Device Pen Test.