Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-25701

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

Published

2020-11-19T17:15:12.810

Last Modified

2024-11-21T05:18:30.970

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-284
  • Type: Primary
    CWE-863
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application moodle moodle ≤ 3.5.14 Yes
Application moodle moodle ≤ 3.7.8 Yes
Application moodle moodle ≤ 3.8.5 Yes
Application moodle moodle ≤ 3.9.2 Yes
Operating System fedoraproject fedora 32 Yes
Operating System fedoraproject fedora 33 Yes
References