PT-2020-16138 · Moodle+1 · Moodle+1

Florence Thiard · Published 2020-10-15 · Updated 2024-03-06 · CVE-2020-25629

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Moodle versions 3.5 through 3.5.13
Moodle versions 3.7 through 3.7.7
Moodle versions 3.8 through 3.8.4
Moodle versions 3.9 through 3.9.1

Description

A vulnerability was found in Moodle where users with the "Log in as" capability in a course context, typically course managers, may gain access to some site administration capabilities by logging in as a System manager.

Recommendations

For versions 3.5 through 3.5.13, update to version 3.5.14.
For versions 3.7 through 3.7.7, update to version 3.7.8.
For versions 3.8 through 3.8.4, update to version 3.8.5.
For versions 3.9 through 3.9.1, update to version 3.9.2.

Fix

Weakness Enumeration

Improper Access Control
Missing Authorization

Related Identifiers

ALT-PU-2020-3059
ALT-PU-2020-3289
ALT-PU-2022-1641
BIT-MOODLE-2020-25629
CVE-2020-25629
GHSA-F5R8-7H4F-JR9X

Affected Products

Alt Linux
Moodle