GitHub Advisory DatabaseGHSA-VXHX-GMHM-623CImproper Access Control in moodle
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
50.9%
Users’ enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
Affected configurations
References
bugzilla.redhat.com/show_bug.cgi?id=1895419
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67837
github.com/advisories/GHSA-vxhx-gmhm-623c
github.com/moodle/moodle/commit/c8ac07fb50fa92eee1d574823fbda09e1b309a63
lists.fedoraproject.org/archives/list/[email protected]/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/
lists.fedoraproject.org/archives/list/[email protected]/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
moodle.org/mod/forum/discuss.php?d=413935
nvd.nist.gov/vuln/detail/CVE-2020-25698
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
50.9%