← back
CVE-2020-25629

CVE-2020-25629

EPSS 1.3%CWE-284
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
Affected products
n/a · Moodle

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://moodle.org/mod/forum/discuss.php?d=410841