Improper Access Control in moodle
High severity
GitHub Reviewed
Published Mar 29, 2021 to the GitHub Advisory Database • Updated Feb 4, 2024
Package
Affected versions | Patched versions
>= 3.9.0, < 3.9.3 | 3.9.3
>= 3.8.0, < 3.8.6 | 3.8.6
>= 3.7.0, < 3.7.9 | 3.7.9
>= 3.5, < 3.5.15 | 3.5.15
Description
Published by the National Vulnerability Database: Nov 19, 2020
Reviewed: Mar 24, 2021
Published to the GitHub Advisory Database: Mar 29, 2021
Last updated: Feb 4, 2024
Users' enrollment capabilities were not being sufficiently checked in Moodle when they were restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2, and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
References