QwikSec

Security Database

CVE

CWE

Training

CVE-2020-25699

Published: Nov 19, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

Vendor	Product	Versions
n/a	moodle	affected `Fixed in 3.9.3` affected `Fixed in 3.8.6` affected `Fixed in 3.7.9` affected `Fixed in 3.5.15` affected `Fixed in 3.10`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1895425

https://moodle.org/mod/forum/discuss.php?d=413936

FEDORA-2020-304aa2c365

vendor-advisory

FEDORA-2020-db73e37548

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.