CVE-2020-25698
First published: Fri Nov 06 2020(Updated: )
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/moodle/moodle | >=3.5<3.5.15 | 3.5.15 |
| composer/moodle/moodle | >=3.7.0<3.7.9 | 3.7.9 |
| composer/moodle/moodle | >=3.8.0<3.8.6 | 3.8.6 |
| composer/moodle/moodle | >=3.9.0<3.9.3 | 3.9.3 |
| redhat/moodle | <3.9.3 | 3.9.3 |
| redhat/moodle | <3.8.6 | 3.8.6 |
| redhat/moodle | <3.7.9 | 3.7.9 |
| redhat/moodle | <3.5.15 | 3.5.15 |
| redhat/moodle | <3.10 | 3.10 |
| Moodle | >=3.5.0<=3.5.14 | |
| Moodle | >=3.7.0<=3.7.8 | |
| Moodle | >=3.8.0<=3.8.5 | |
| Moodle | >=3.9.0<=3.9.2 | |
| Fedora | =32 | |
| Fedora | =33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1895419
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
- https://moodle.org/mod/forum/discuss.php?d=413935
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
- https://nvd.nist.gov/vuln/detail/CVE-2020-25698
- https://github.com/moodle/moodle/commit/c8ac07fb50fa92eee1d574823fbda09e1b309a63
- https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67837
- https://github.com/advisories/GHSA-vxhx-gmhm-623c (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1899532
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1899533
- https://samplius.com/free-essay-examples/movie-review/
- https://www.resellerratings.com/store/PapersOwl
- https://www.nursingpaper.com/
- https://americasuits.com/justified-raylan-givens-black-cotton-jacket
- https://triworldhub.com/
- https://papermasters.org/buy-capstone-project-online-help/
- https://shubhamvisuals.com
- https://shubhamvisuals.com)here
- https://shubhamvisuals.com/online-paise-kaise-kamaye-2024/
Frequently Asked Questions
What is the severity of CVE-2020-25698?
CVE-2020-25698 has a high severity rating due to the potential for unauthorized user unenrollment.
How do I fix CVE-2020-25698?
To fix CVE-2020-25698, update Moodle to version 3.5.15, 3.7.9, 3.8.6, or 3.9.3 or later.
Which Moodle versions are affected by CVE-2020-25698?
CVE-2020-25698 affects Moodle versions 3.5.0 to 3.5.14, 3.7.0 to 3.7.8, 3.8.0 to 3.8.5, and 3.9.0 to 3.9.2.
Can CVE-2020-25698 be exploited remotely?
Yes, CVE-2020-25698 can be exploited remotely by unauthorized users with limited access levels.
What are the impacts of CVE-2020-25698 on Moodle courses?
CVE-2020-25698 allows users to unenroll other users from courses without having the necessary permissions.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/description
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-vxhx-gmhm-623c
- alias/CVE-2020-25698
- agent/software-canonical-lookup
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- agent/references
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- package-manager/redhat
- vendor/moodle
- canonical/moodle
- version/moodle/3.5.0
- version/moodle/3.5.14
- version/moodle/3.7.0
- version/moodle/3.7.8
- version/moodle/3.8.0
- version/moodle/3.8.5
- version/moodle/3.9.0
- version/moodle/3.9.2
- vendor/fedoraproject
- canonical/fedora
- version/fedora/32
- version/fedora/33