Lucene search

K

GoogleOSV:GHSA-VXHX-GMHM-623C

HistoryMar 29, 2021 - 8:42 p.m.

Improper Access Control in moodle

2021-03-2920:42:46

Google

osv.dev

13

moodle

access control

unauthorized unenrollment

software vulnerability

EPSS

0.001

Percentile

50.9%

Users’ enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

References

bugzilla.redhat.com/show_bug.cgi?id=1895419

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67837

github.com/moodle/moodle/commit/c8ac07fb50fa92eee1d574823fbda09e1b309a63

lists.fedoraproject.org/archives/list/[email protected]/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU

lists.fedoraproject.org/archives/list/[email protected]/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6

moodle.org/mod/forum/discuss.php?d=413935

nvd.nist.gov/vuln/detail/CVE-2020-25698

EPSS

0.001

Percentile

50.9%

Related for OSV:GHSA-VXHX-GMHM-623C

osv2 cve1 github1 cvelist1 ubuntucve1 veracode1 prion1 nvd1 openvas3 fedora2 nessus2