A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users email address changes require additional verification during sign-up to reduce the risk of account compromise.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Moodle | Moodle | 3.5 | * |
Moodle | Moodle | 3.6 | * |
Moodle | Moodle | 3.7 | * |