Moderate severityNVD Advisory· Published Nov 19, 2020· Updated Aug 4, 2024
CVE-2020-25701
CVE-2020-25701
Description
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 3.9.0, < 3.9.3 | 3.9.3 |
moodle/moodlePackagist | >= 3.8.0, < 3.8.6 | 3.8.6 |
moodle/moodlePackagist | >= 3.7.0, < 3.7.9 | 3.7.9 |
moodle/moodlePackagist | >= 3.5, < 3.5.15 | 3.5.15 |
Affected products
3- Moodle/Moodledescription
- osv-coords2 versions
>= 3.5.0, < 3.5.15+ 1 more
- (no CPE)range: >= 3.5.0, < 3.5.15
- (no CPE)range: >= 3.9.0, < 3.9.3
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-c9hq-g4q8-w893ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2020-25701ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/moodle/moodle/commit/b8e1eec4c77c858de87fedf4e405e929539ea0c5ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GUghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6ghsaWEB
- moodle.org/mod/forum/discuss.phpghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.