vulnerability

Moodle: Missing Authorization (CVE-2020-25629)

Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Dec 8, 2020
Added
Dec 10, 2020
Modified
Oct 24, 2022

Description

A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Solution(s)

moodle-upgrade-3_5_14moodle-upgrade-3_7_8moodle-upgrade-3_8_5moodle-upgrade-3_9_2
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.