Lucene search

CVE-2020-25699

🗓️ 19 Nov 2020 17:12:15Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 57 Views

Insufficient capability checks in Moodle allow unauthorized users to add capabilities to roles. Versions affected: 3.5 to 3.9.2. Fixed in Moodle 3.5.15, 3.7.9, 3.8.6, and 3.9.3

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 16
NVD	CVE-2020-25699	19 Nov 202017:15	–	nvd
Github Security Blog	Privilage Escalation in moodle	29 Mar 202120:43	–	github
OSV	Privilage Escalation in moodle	29 Mar 202120:43	–	osv
OSV	BIT-moodle-2020-25699	6 Mar 202411:11	–	osv
OSV	CVE-2020-25699	19 Nov 202017:15	–	osv
Cvelist	CVE-2020-25699	19 Nov 202000:00	–	cvelist
Prion	Design/Logic Flaw	19 Nov 202017:15	–	prion
Veracode	Privilege Escalation	20 Nov 202005:50	–	veracode
UbuntuCve	CVE-2020-25699	19 Nov 202000:00	–	ubuntucve
OpenVAS	Moodle < 3.5.14, 3.7.x < 3.7.9, 3.8.x < 3.8.6, 3.9.x < 3.9.3 Multiple Vulnerabilities	27 Nov 202000:00	–	openvas

Nvd

Vulners

Node

moodle moodleRange3.5.0–3.5.14

moodle moodleRange3.7.0–3.7.8

moodle moodleRange3.8.0–3.8.5

moodle moodleRange3.9.0–3.9.2

Node

fedoraproject fedoraMatch32

fedoraproject fedoraMatch33

[
  {
    "vendor": "n/a",
    "product": "moodle",
    "versions": [
      {
        "version": "Fixed in 3.9.3",
        "status": "affected"
      },
      {
        "version": "Fixed in 3.8.6",
        "status": "affected"
      },
      {
        "version": "Fixed in 3.7.9",
        "status": "affected"
      },
      {
        "version": "Fixed in 3.5.15",
        "status": "affected"
      },
      {
        "version": "Fixed in 3.10",
        "status": "affected"
      }
    ]
  }
]

Source	Link
moodle	www.moodle.org/mod/forum/discuss.php
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Nov 2020 17:15Current

7High risk

Vulners AI Score7

CVSS25

CVSS37.5

EPSS0.00344

CWE-863