Candidate: CVE-2020-25701
PublicDate: 2020-11-19 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25701
 https://bugzilla.redhat.com/show_bug.cgi?id=1895432
 https://moodle.org/mod/forum/discuss.php?d=413939
Description:
 If the upload course tool in Moodle was used to delete an enrollment method
 which did not exist or was not already enabled, the tool would erroneously
 enable that enrollment method. This could lead to unintended users gaining
 access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to
 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in
 moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N [5.3 MEDIUM]

Patches_moodle:
upstream_moodle: needs-triage
precise/esm_moodle: DNE
trusty_moodle: ignored (out of standard support)
trusty/esm_moodle: DNE
xenial_moodle: ignored (end of standard support, was needs-triage)
bionic_moodle: needs-triage
focal_moodle: DNE
groovy_moodle: DNE
hirsute_moodle: DNE
impish_moodle: DNE
jammy_moodle: DNE
devel_moodle: DNE