CVE-2020-25629

Summary

A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Affected Software

VendorProductVersion RangeStatus
n/aMoodle3.9 to 3.9.1affected
n/aMoodle3.8 to 3.8.4affected
n/aMoodle3.7 to 3.7.7affected
n/aMoodle3.5 to 3.5.13affected
n/aMoodleearlier unsupported versionsaffected

Weaknesses

  • CWE-284: CWE-284

ADP Enrichment

CVE Program Container

Additional References

References