cnvd - cnvd-2021-28741

cnvd-2021-28741

Vulnerability from cnvd

Title

Moodle访问控制错误漏洞

Description

Moodle是一套免费、开源的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle存在访问控制错误漏洞，该漏洞源于如果上传课程工具用于删除一个不存在或尚未启用的注册方法，该工具将错误地启用该注册方法。这可能会导致非预期用户访问该课程。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Moodle访问控制错误漏洞的补丁

Patch Description

Moodle是一套免费、开源的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle存在访问控制错误漏洞，该漏洞源于如果上传课程工具用于删除一个不存在或尚未启用的注册方法，该工具将错误地启用该注册方法。这可能会导致非预期用户访问该课程。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://moodle.org/mod/forum/discuss.php?d=413939

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1895432

Impacted products

Name
['Moodle Moodle >=3.7.0，<3.7.8', 'Moodle Moodle >=3.8.0，<3.8.5', 'Moodle Moodle >=3.9.0，<3.9.2', 'Moodle Moodle >=3.5.0，<3.5.14']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-25701",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-25701"
    }
  },
  "description": "Moodle\u662f\u4e00\u5957\u514d\u8d39\u3001\u5f00\u6e90\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\n\nMoodle\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5982\u679c\u4e0a\u4f20\u8bfe\u7a0b\u5de5\u5177\u7528\u4e8e\u5220\u9664\u4e00\u4e2a\u4e0d\u5b58\u5728\u6216\u5c1a\u672a\u542f\u7528\u7684\u6ce8\u518c\u65b9\u6cd5\uff0c\u8be5\u5de5\u5177\u5c06\u9519\u8bef\u5730\u542f\u7528\u8be5\u6ce8\u518c\u65b9\u6cd5\u3002\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u975e\u9884\u671f\u7528\u6237\u8bbf\u95ee\u8be5\u8bfe\u7a0b\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://moodle.org/mod/forum/discuss.php?d=413939",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28741",
  "openTime": "2021-04-16",
  "patchDescription": "Moodle\u662f\u4e00\u5957\u514d\u8d39\u3001\u5f00\u6e90\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\r\n\r\nMoodle\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5982\u679c\u4e0a\u4f20\u8bfe\u7a0b\u5de5\u5177\u7528\u4e8e\u5220\u9664\u4e00\u4e2a\u4e0d\u5b58\u5728\u6216\u5c1a\u672a\u542f\u7528\u7684\u6ce8\u518c\u65b9\u6cd5\uff0c\u8be5\u5de5\u5177\u5c06\u9519\u8bef\u5730\u542f\u7528\u8be5\u6ce8\u518c\u65b9\u6cd5\u3002\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u975e\u9884\u671f\u7528\u6237\u8bbf\u95ee\u8be5\u8bfe\u7a0b\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moodle\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Moodle Moodle \u003e=3.7.0\uff0c\u003c3.7.8",
      "Moodle Moodle \u003e=3.8.0\uff0c\u003c3.8.5",
      "Moodle Moodle \u003e=3.9.0\uff0c\u003c3.9.2",
      "Moodle Moodle \u003e=3.5.0\uff0c\u003c3.5.14"
    ]
  },
  "referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1895432",
  "serverity": "\u4e2d",
  "submitTime": "2020-11-25",
  "title": "Moodle\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2020-25701 (GCVE-0-2020-25701)

Vulnerability from cvelistv5

Published

2020-11-19 16:10

Modified

2024-08-04 15:40

Severity ?

CWE

CWE-284

Summary

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=1895432	x_refsource_MISC
	https://moodle.org/mod/forum/discuss.php?d=413939	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/	vendor-advisory, x_refsource_FEDORA