CVE-2020-25698

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-25698
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25698.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-25698
Aliases
Related
Published
2020-11-19T17:15:12Z
Modified
2024-10-12T06:25:05.490989Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

References

Affected packages

Git / github.com/moodle/moodle

Affected versions

v3.*

v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6
v3.7.7
v3.7.8
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v3.8.4
v3.8.5
v3.9.0
v3.9.0-beta
v3.9.0-rc1
v3.9.0-rc2
v3.9.0-rc3
v3.9.1
v3.9.2