Lucene search

CVE-2020-25701

🗓️ 19 Nov 2020 17:12:15Reported by redhatType

If Moodle's upload course tool is used to delete a non-existing enrollment method, it could enable unauthorized access to the course. Affects versions 3.5 to 3.9.2

Reporter	Title	Published	Views	Family All 17
Veracode	Privilege Escalation	20 Nov 202003:33	–	veracode
OSV	Privilage Escalation in moodle	29 Mar 202120:42	–	osv
OSV	BIT-moodle-2020-25701	6 Mar 202411:11	–	osv
OSV	CVE-2020-25701	19 Nov 202017:15	–	osv
UbuntuCve	CVE-2020-25701	19 Nov 202000:00	–	ubuntucve
Prion	Design/Logic Flaw	19 Nov 202017:15	–	prion
Cvelist	CVE-2020-25701	19 Nov 202016:10	–	cvelist
NVD	CVE-2020-25701	19 Nov 202017:15	–	nvd
CNVD	Moodle Access Control Error Vulnerability	25 Nov 202000:00	–	cnvd
Github Security Blog	Privilage Escalation in moodle	29 Mar 202120:42	–	github

Nvd

Vulners

Node

moodle moodleRange3.5.0–3.5.14

moodle moodleRange3.7.0–3.7.8

moodle moodleRange3.8.0–3.8.5

moodle moodleRange3.9.0–3.9.2

Node

fedoraproject fedoraMatch32

fedoraproject fedoraMatch33

[
  {
    "product": "moodle",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 3.9.3"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.8.6"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.7.9"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.5.15"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.10"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
moodle	www.moodle.org/mod/forum/discuss.php
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Nov 2020 17:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS25

CVSS35.3

EPSS0.00344