PT-2020-16160 · Moodle+1 · Moodle+1
Roman Sevostyanov
·
Published
2020-11-08
·
Updated
2024-03-06
·
CVE-2020-25698
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 3.5 through 3.5.14
Moodle versions 3.7 through 3.7.8
Moodle versions 3.8 through 3.8.5
Moodle versions 3.9 through 3.9.2
Moodle earlier unsupported versions
Description
The issue arises from insufficient checks on users' enrollment capabilities in Moodle when they are restored into an existing course. This could lead to users being unenrolled without the perpetrator having permission to do so.
Recommendations
For versions 3.5 through 3.5.14, update to version 3.5.15 or later.
For versions 3.7 through 3.7.8, update to version 3.7.9 or later.
For versions 3.8 through 3.8.5, update to version 3.8.6 or later.
For versions 3.9 through 3.9.2, update to version 3.9.3 or later.
For earlier unsupported versions, consider upgrading to a supported version.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Moodle