MSA-20-0016: Teacher is able to unenrol users without permission using course restore
|
Información sobre el sistema
|
|
|
Software afectado |
PHP |
Descripción
|
by Michael Hawkins. Users enrolment capabilities were not being sufficiently checked when they restored into an existing course, which could lead to them unenrolling users without having permission to do so.Severity/Risk:MinorVersions affected:3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versionsVersions fixed:3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15Reported by:Roman SevostyanovCVE identifier:CVE-2020-25698Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=413935&parent=1668770 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2020-25698. |