Описание
Privilage Escalation in moodle
In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-25699
- https://github.com/moodle/moodle/commit/b8e1eec4c77c858de87fedf4e405e929539ea0c5
- https://bugzilla.redhat.com/show_bug.cgi?id=1895425
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6
- https://moodle.org/mod/forum/discuss.php?d=413936
Пакеты
moodle/moodle
>= 3.9.0, < 3.9.3
3.9.3
moodle/moodle
>= 3.8.0, < 3.8.6
3.8.6
moodle/moodle
>= 3.7.0, < 3.7.9
3.7.9
moodle/moodle
>= 3.5, < 3.5.15
3.5.15
Связанные уязвимости
In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
In moodle, insufficient capability checks could lead to users with the ...