vulnerability
Moodle: Missing Authorization (CVE-2020-25629)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Dec 8, 2020 | Dec 10, 2020 | Oct 24, 2022 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Dec 8, 2020
Added
Dec 10, 2020
Modified
Oct 24, 2022
Description
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
Solution(s)
moodle-upgrade-3_5_14moodle-upgrade-3_7_8moodle-upgrade-3_8_5moodle-upgrade-3_9_2

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.