CVE-2020-25698
HIGH7.5EPSS 0.70%Improper Access Control in moodle
發布日:2021/3/29修改日:2024/2/16
描述
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
受影響套件(2)
- Bitnami/moodle>= 3.5.0, < 3.5.15, >= 3.7.0, < 3.7.9, >= 3.8.0, < 3.8.6, >= 3.9.0, < 3.9.3
- Packagist/moodle/moodle>= 3.9.0, < 3.9.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
參考連結(9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25698
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1895419
- WEBhttps://github.com/moodle/moodle/commit/c8ac07fb50fa92eee1d574823fbda09e1b309a63
- WEBhttps://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67837
- WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/
- WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6
- WEBhttps://moodle.org/mod/forum/discuss.php?d=413935