CVE-2020-25698

Severity

75%

Complexity

39%

Confidentiality

60%

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

CVSS 3.1 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

First reported 4 years ago

2020-11-19 17:15:00

Last updated 4 years ago

2020-12-02 19:53:00

Affected Software

Moodle

Fedora 32

32

References

https://bugzilla.redhat.com/show_bug.cgi?id=1895419

https://moodle.org/mod/forum/discuss.php?d=413935

FEDORA-2020-db73e37548

FEDORA-2020-304aa2c365

https://bugzilla.redhat.com/show_bug.cgi?id=1895419

Issue Tracking, Vendor Advisory

FEDORA-2020-db73e37548

Mailing List, Third Party Advisory

FEDORA-2020-304aa2c365

Mailing List, Third Party Advisory

https://moodle.org/mod/forum/discuss.php?d=413935

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.