Lucene search

K
cvelistRedhatCVELIST:CVE-2020-25701
HistoryNov 19, 2020 - 4:10 p.m.

CVE-2020-25701

2020-11-1916:10:53
CWE-284
redhat
www.cve.org
9
moodle upload tool
unintended access
enrollment method
security vulnerability
version affected
fixed version

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

55.9%

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

CNA Affected

[
  {
    "product": "moodle",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 3.9.3"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.8.6"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.7.9"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.5.15"
      },
      {
        "status": "affected",
        "version": "Fixed in 3.10"
      }
    ]
  }
]

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

55.9%