Description

A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Remediation

References

CVE-2020-25629

Related Vulnerabilities

WordPress Plugin OdiHost Newsletter 'openstat.php' SQL Injection (1.0)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2009-1386)

WordPress Plugin Unlimited PopUps SQL Injection (4.5.3)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-1000195)

Squid Incorrect Conversion between Numeric Types Vulnerability (CVE-2023-46848)

Severity

High

Classification

CVE-2020-25629 CWE-284 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities