CVE-2020-25699 - In moodle, insufficient capability checks could lead to users with the ability to course restore add

CVE-2020-25699

Summary

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

References

Vulnerable Configurations

cpe:2.3:a:moodle:moodle:3.9.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.0:-:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.0:-:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.0:beta:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.0:beta:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.7.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.0:-:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.0:-:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.0:beta:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.0:beta:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.10:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.10:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.11:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.11:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.12:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.12:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.13:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.5.13:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 07-11-2022 - 20:08)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

fedora	FEDORA-2020-304aa2c365 FEDORA-2020-db73e37548
misc	https://bugzilla.redhat.com/show_bug.cgi?id=1895425 https://moodle.org/mod/forum/discuss.php?d=413936

Last major update

07-11-2022 - 20:08

Published

19-11-2020 - 17:15

Last modified

07-11-2022 - 20:08