Vulnerability Description
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 3.5.0, <= 3.5.14 |
| Fedoraproject | Fedora | 32 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1895419 (Issue Tracking, Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://moodle.org/mod/forum/discuss.php?d=413935 (Vendor Advisory)
FAQ
What is CVE-2020-25698?
CVE-2020-25698 is a vulnerability with a CVSS score of 7.5 (HIGH). Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do s...
How severe is CVE-2020-25698?
CVE-2020-25698 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-25698?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle, Fedoraproject Fedora.