CVE-2020-25698

2020-11-1916:05:37

CWE-284

redhat

www.cve.org

0.001 Low

EPSS

Percentile

47.3%

JSON

Users’ enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

CNA Affected

[
  {
    "product": "moodle",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 3.9.3"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.8.6"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.7.9"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.5.15"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.10"
      }
    ]
  }
]