Improper Authorization Affecting moodle/moodle package, versions <3.5.13>=3.6.0, <3.7.7>=3.8.0, <3.8.4>=3.9.0, <3.9.1


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Mature
EPSS
12.21% (96th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PHP-MOODLEMOODLE-2986976
  • published18 Aug 2022
  • disclosed18 Aug 2022
  • creditKien Hoang

Introduced: 18 Aug 2022

CVE-2020-14321  (opens in a new tab)
CWE-285  (opens in a new tab)

How to fix?

Upgrade moodle/moodle to version 3.5.13, 3.7.7, 3.8.4, 3.9.1 or higher.

Overview

moodle/moodle is a learning platform.

Affected versions of this package are vulnerable to Improper Authorization where teachers of a course were able to assign themselves the manager role within that course.

CVSS Scores

version 3.1