Miembros de
Boletines de Vulnerabilidades |
MSA-20-0013: "Log in as" capability in a course context may lead to some privilege escalation |
|
Información sobre el sistema |
|
| Software afectado | PHP |
Descripción |
|
|
von Michael Hawkins. Users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager.Severity/Risk:MinorVersions affected:3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versionsVersions fixed:3.9.2, 3.8.5, 3.7.8 and 3.5.14Reported by:Florence ThiardWorkaround:Remove the "Login as other users" capability from the manager More info: https://moodle.org/mod/forum/discuss.php?d=410841&parent=1657003 |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2020-25629. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2020-09-22 |