Moodle · Moodle · CVE-2015-5266
**Name of the Vulnerable Software and Affected Versions**
Moodle versions prior to 2.6.11
Moodle versions 2.7.x before 2.7.10
Moodle versions 2.8.x before 2.8.8
Moodle versions 2.9.x before 2.9.2
**Description**
The issue is in the `enrol_meta_sync` function in `enrol/meta/locallib.php`, which allows remote authenticated users to obtain manager privileges by leveraging incorrect role processing during a long-running sync script. Because of this insufficient access control, an attacker can elevate their privileges.
**Recommendations**
For versions prior to 2.6.11, update to version 2.6.11 or later.
For versions 2.7.x before 2.7.10, update to version 2.7.10 or later.
For versions 2.8.x before 2.8.8, update to version 2.8.8 or later.
For versions 2.9.x before 2.9.2, update to version 2.9.2 or later.
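
The following check is an added example, not code from the advisory or the Moodle project: it reads the `$release` string from a site's `version.php` and maps it onto the affected ranges and fixed versions listed above. It assumes the usual `$release = 'X.Y.Z (Build: ...)'` format and treats a `+` weekly build as its base release; the sample file fragments are constructed.

```python
import re

# Fixed release per affected branch, as listed in the advisory.
FIXED = {(2, 6): (2, 6, 11), (2, 7): (2, 7, 10), (2, 8): (2, 8, 8), (2, 9): (2, 9, 2)}
OLDEST_FIXED = min(FIXED.values())  # 2.6.11, the upgrade target for older branches

# Matches e.g.  $release  = '2.8.7+ (Build: 20150801)';  (patch part optional)
RELEASE_RE = re.compile(r"""\$release\s*=\s*['"](\d+)\.(\d+)(?:\.(\d+))?""")


def parse_release(version_php_text):
    """Return (major, minor, patch) from the $release line of version.php."""
    m = RELEASE_RE.search(version_php_text)
    if m is None:
        raise ValueError("no $release assignment found")
    return tuple(int(part or 0) for part in m.groups())


def assess(version):
    """Return (affected, fixed_version); fixed_version is None if not affected."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch not named in the advisory: older than 2.6 falls under
        # "prior to 2.6.11"; newer than 2.9 is not listed as affected.
        fixed = OLDEST_FIXED
    # Integer tuples compare numerically, so 2.7.9 < 2.7.10 (string
    # comparison would get this wrong).
    return (True, fixed) if version < fixed else (False, None)


if __name__ == "__main__":
    # Constructed version.php fragments; build dates are made up.
    samples = [
        "$release  = '2.5.9 (Build: 20141110)';",
        "$release  = '2.7.9 (Build: 20150706)';",
        "$release  = '2.7.10 (Build: 20150914)';",
        "$release  = '2.8.7+ (Build: 20150801)';",
        "$release  = '2.9 (Build: 20150511)';",
    ]
    for text in samples:
        v = parse_release(text)
        affected, fixed = assess(v)
        name = ".".join(map(str, v))
        if affected:
            print(f"{name}: affected, update to {'.'.join(map(str, fixed))} or later")
        else:
            print(f"{name}: not in the affected ranges")
```

A `+` build that reports as affected may already carry the fix, so confirm against the build date before scheduling the upgrade.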