BIT-moodle-2020-25629

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2020-25629.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-moodle-2020-25629

Aliases

Published

2024-03-06T11:11:55.590Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Database specific

{
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://moodle.org/mod/forum/discuss.php?d=410841

Affected packages

Bitnami / moodle

Package

Name: moodle
Purl: pkg:bitnami/moodle

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

3.5.0

Fixed

3.5.14

Introduced

3.7.0

Fixed

3.7.8

Introduced

3.8.0

Fixed

3.8.5

Introduced

3.9.0

Fixed

3.9.2