CVE-2020-25629
EUVD-2022-369808.12.2020, 01:15
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| moodle | moodle | 3.5.0 ≤ 𝑥 < 3.5.14 |
| moodle | moodle | 3.7.0 ≤ 𝑥 < 3.7.8 |
| moodle | moodle | 3.8.0 ≤ 𝑥 < 3.8.5 |
| moodle | moodle | 3.9.0 ≤ 𝑥 < 3.9.2 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration