CVE Vulnerabilities

CVE-2021-36403

Hidden Functionality

Published: Mar 06, 2023 | Modified: Nov 21, 2024
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.

Weakness

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product’s users or administrators.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle * 3.9.8 (excluding)
Moodle Moodle 3.10.0 (including) 3.10.5 (excluding)
Moodle Moodle 3.11.0 (including) 3.11.1 (excluding)
Moodle Ubuntu bionic *
Moodle Ubuntu trusty *
Moodle Ubuntu xenial *

Potential Mitigations

References