PT-2020-16161 · Moodle+1 · Moodle+1

Matt Petro · Published 2020-11-08 · Updated 2024-03-06 · CVE-2020-25699

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Moodle versions 3.5 to 3.5.14
Moodle versions 3.7 to 3.7.8
Moodle versions 3.8 to 3.8.5
Moodle versions 3.9 to 3.9.2

Description

Insufficient capability checks in Moodle could allow users with the ability to restore courses to add additional capabilities to roles within that course. This issue is fixed in Moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

Recommendations

For Moodle versions 3.5 to 3.5.14, update to version 3.5.15 or later.
For Moodle versions 3.7 to 3.7.8, update to version 3.7.9 or later.
For Moodle versions 3.8 to 3.8.5, update to version 3.8.6 or later.
For Moodle versions 3.9 to 3.9.2, update to version 3.9.3 or later.

Fix

Weakness Enumeration

Incorrect Authorization
Improper Privilege Management

Related Identifiers

ALT-PU-2020-3235
ALT-PU-2020-3289
ALT-PU-2022-1641
BIT-MOODLE-2020-25699
CVE-2020-25699
GHSA-H77R-RP97-7RV4

Affected Products

Alt Linux
Moodle