Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-25699

UNKNOWN
Published 2020-11-19T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-25699. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Privilage Escalation in moodle

GHSA-h77r-rp97-7rv4

Advisory Details

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

Affected Packages

Packagist moodle/moodle
ECOSYSTEM: ≥3.9.0 <3.9.3
Packagist moodle/moodle
ECOSYSTEM: ≥3.8.0 <3.8.6
Packagist moodle/moodle
ECOSYSTEM: ≥3.7.0 <3.7.9
Packagist moodle/moodle
ECOSYSTEM: ≥3.5 <3.5.15

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-25699
WEB https://github.com/moodle/moodle/commit/b8e1eec4c77c858de87fedf4e405e929539ea0c5
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1895425
PACKAGE https://github.com/moodle/moodle
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6
WEB https://moodle.org/mod/forum/discuss.php?d=413936

Advisory provided by GitHub Security Advisory Database. Published: March 29, 2021, Modified: October 20, 2021

References

https://bugzilla.redhat.com/show_bug.cgi?id=1895425
https://moodle.org/mod/forum/discuss.php?d=413936
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/
Published: 2020-11-19T00:00:00
Last Modified: 2024-08-04T15:40:36.678Z
Copied to clipboard!