What the vulnerability does

01Description

When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Key dates

02Disclosure timeline

March 15, 2021 CVE published
August 3, 2024 Record updated