Lucene search
Veracode Vulnerability DatabaseVERACODE:27934HistoryNov 20, 2020 - 4:44 a.m.
Information Disclosure
2020-11-2004:44:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
moodle
insecure access control
deprecated configuration
oauthenticator classes
EPSS
0.002
Percentile
55.9%
Moodle uses insecure access control. The deprecated configuration Authenticator.whitelist, which should be transparently mapped to Authenticator.allowed_users with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set. If this is the only mechanism of authorization restriction (i.e. no group or team restrictions in configuration) then all authenticated users will be allowed.
Related
prion
prion
Code injection
2020-11-19 17:15:00
openvas
openvas
Moodle 3.7.x < 3.7.9, 3.8.x < 3.8.6, 3.9.x < 3.9.3 Information Disclosure Vulnerability
2020-11-27 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2020-304aa2c365)
2020-11-28 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2020-db73e37548)
2020-11-28 00:00:00
cvelist
cvelist
CVE-2020-25703
2020-11-19 16:13:35
osv
osv
BIT-moodle-2020-25703
2024-03-06 11:11:25
CVE-2020-25703
2020-11-19 17:15:13
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
2021-10-21 17:49:08
nvd
nvd
CVE-2020-25703
2020-11-19 17:15:13
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
2021-10-21 17:49:08
cve
cve
CVE-2020-25703
2020-11-19 17:15:13
ubuntucve
ubuntucve
CVE-2020-25703
2020-11-19 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: moodle-3.9.3-1.fc33
2020-11-28 02:04:40
[SECURITY] Fedora 32 Update: moodle-3.8.6-1.fc32
2020-11-28 02:10:53
nessus
nessus
Fedora 32 : moodle (2020-db73e37548)
2020-11-30 00:00:00
Fedora 33 : moodle (2020-304aa2c365)
2020-11-30 00:00:00