CVE-2020-25699
Last modified
CVE-2020-25699 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. EPSS estimates a 1.59% chance of exploitation in the next 30 days.
Description
In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 3.5.0, <= 3.5.14 |
| Moodle | Moodle | >= 3.7.0, <= 3.7.8 |
| Moodle | Moodle | >= 3.8.0, <= 3.8.5 |
| Moodle | Moodle | >= 3.9.0, <= 3.9.2 |
| Fedoraproject | Fedora | 32 |
| Fedoraproject | Fedora | 33 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1895425Issue Tracking, Third Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=413936Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1895425Issue Tracking, Third Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=413936Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-25699?
How severe is CVE-2020-25699?
How do I fix CVE-2020-25699?
Are you affected by CVE-2020-25699?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST