CVE-2020-25629
N/A
N/A
Summary
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Moodle | 3.9 to 3.9.1 | affected |
| n/a | Moodle | 3.8 to 3.8.4 | affected |
| n/a | Moodle | 3.7 to 3.7.7 | affected |
| n/a | Moodle | 3.5 to 3.5.13 | affected |
| n/a | Moodle | earlier unsupported versions | affected |
Weaknesses
- CWE-284: CWE-284
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.