Vulnerability Details CVE-2020-25629
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2020-25629
-
cpe:2.3:a:moodle:moodle:3.5.0
-
cpe:2.3:a:moodle:moodle:3.5.1
-
cpe:2.3:a:moodle:moodle:3.5.10
-
cpe:2.3:a:moodle:moodle:3.5.11
-
cpe:2.3:a:moodle:moodle:3.5.12
-
cpe:2.3:a:moodle:moodle:3.5.13
-
cpe:2.3:a:moodle:moodle:3.5.2
-
cpe:2.3:a:moodle:moodle:3.5.3
-
cpe:2.3:a:moodle:moodle:3.5.4
-
cpe:2.3:a:moodle:moodle:3.5.5
-
cpe:2.3:a:moodle:moodle:3.5.6
-
cpe:2.3:a:moodle:moodle:3.5.7
-
cpe:2.3:a:moodle:moodle:3.5.8
-
cpe:2.3:a:moodle:moodle:3.5.9
-
cpe:2.3:a:moodle:moodle:3.7.0
-
cpe:2.3:a:moodle:moodle:3.7.1
-
cpe:2.3:a:moodle:moodle:3.7.2
-
cpe:2.3:a:moodle:moodle:3.7.3
-
cpe:2.3:a:moodle:moodle:3.7.4
-
cpe:2.3:a:moodle:moodle:3.7.5
-
cpe:2.3:a:moodle:moodle:3.7.6
-
cpe:2.3:a:moodle:moodle:3.7.7
-
cpe:2.3:a:moodle:moodle:3.8.0
-
cpe:2.3:a:moodle:moodle:3.8.1
-
cpe:2.3:a:moodle:moodle:3.8.2
-
cpe:2.3:a:moodle:moodle:3.8.3
-
cpe:2.3:a:moodle:moodle:3.8.4
-
cpe:2.3:a:moodle:moodle:3.9.0
-
cpe:2.3:a:moodle:moodle:3.9.1