CVE-2020-25701

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-25701
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25701.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-25701
Aliases
Downstream
Published
2020-11-19T17:15:12.810Z
Modified
2026-03-14T10:23:10.152074Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
46574904afd39578fa4146bf1fc5c401ac680aa6
Last affected
598064e4d9958b22e8b8c81016440b1aea48771e
Introduced
89457b26d192c06325bb6782b85d1025dafbefe9
Last affected
f6e37fe19539b61afd3beb8685ffbff028e4ddf5
Introduced
f968cd44e8ee5d54b1bc56823040ff770dbf18af
Last affected
b21d86f807d355a3773a9b084d2ddb80c5e6b7ec
Introduced
500c131eb49771e36f68d151dfa37fef5a9bc2df
Last affected
ccd4ef8ddd03d98b84e3231866b8b1e024dab1db
Database specific 
{
    "versions": [
        {
            "introduced": "3.5.0"
        },
        {
            "last_affected": "3.5.14"
        },
        {
            "introduced": "3.7.0"
        },
        {
            "last_affected": "3.7.8"
        },
        {
            "introduced": "3.8.0"
        },
        {
            "last_affected": "3.8.5"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "last_affected": "3.9.2"
        }
    ]
}

Affected versions

v3.*
v3.5.0
v3.5.1
v3.5.10
v3.5.11
v3.5.12
v3.5.13
v3.5.14
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.5.8
v3.5.9
v3.6.0
v3.6.0-beta
v3.6.0-rc1
v3.6.0-rc2
v3.6.0-rc3
v3.7.0
v3.7.0-beta
v3.7.0-rc1
v3.7.0-rc2
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6
v3.7.7
v3.7.8
v3.8.0
v3.8.0-beta
v3.8.0-rc1
v3.8.1
v3.8.2
v3.8.3
v3.8.4
v3.8.5
v3.9.0
v3.9.0-beta
v3.9.0-rc1
v3.9.0-rc2
v3.9.0-rc3
v3.9.1
v3.9.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25701.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    }
]