Back to bug 1895419
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Michael Kaplan | 2020-11-06 16:22:58 UTC | CC | security-response-team | |
| Michael Kaplan | 2020-11-06 16:23:21 UTC | Fixed In Version | moodle 3.9.3, moodle 3.8.6, moodle 3.7.9 moodle 3.5.15 | moodle 3.9.3, moodle 3.8.6, moodle 3.7.9, moodle 3.5.15 |
| Michael Kaplan | 2020-11-06 16:53:51 UTC | Summary | EMBARGOED moodle: Teacher is able to unenrol users without permission using course restore | EMBARGOED CVE-2020-25698 moodle: Teacher is able to unenrol users without permission using course restore |
| Alias | CVE-2020-25698 | |||
| Michael Kaplan | 2020-11-13 15:34:12 UTC | Comment | 0 | updated |
| Michael Kaplan | 2020-11-13 15:41:58 UTC | Fixed In Version | moodle 3.9.3, moodle 3.8.6, moodle 3.7.9, moodle 3.5.15 | moodle 3.9.3, moodle 3.8.6, moodle 3.7.9, moodle 3.5.15, moodle 3.10 |
| Michael Kaplan | 2020-11-19 13:57:03 UTC | Group | security, qe_staff | |
| CC | gwync, igor.raits, sergio | |||
| Deadline | 2020-11-16 | |||
| Doc Text | Users' enrolment capabilities were not being sufficiently checked when they restored into an existing course, could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions | |||
| Summary | EMBARGOED CVE-2020-25698 moodle: Teacher is able to unenrol users without permission using course restore | CVE-2020-25698 moodle: Teacher is able to unenrol users without permission using course restore | ||
| Michael Kaplan | 2020-11-19 13:57:21 UTC | Depends On | 1899532, 1899533 | |
| Michael Kaplan | 2020-11-19 14:01:10 UTC | Doc Text | Users' enrolment capabilities were not being sufficiently checked when they restored into an existing course, could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions | Users' enrollment capabilities were not being sufficiently checked when they restored into an existing course, could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions |
| Product Security DevOps Team | 2020-11-19 17:28:35 UTC | Status | NEW | CLOSED |
| Resolution | --- | UPSTREAM | ||
| Last Closed | 2020-11-19 17:28:35 UTC | |||
| RaTasha Tillery-Smith | 2021-02-11 16:20:34 UTC | Doc Text | Users' enrollment capabilities were not being sufficiently checked when they restored into an existing course, could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions | A flaw was found in Moodle where users' enrollment capabilities were not being sufficiently checked when restored into an existing course. This issue could lead to users being removed from enrollment without having adequate permissions. |
| Michael | 2023-01-19 22:57:55 UTC | CC | michaelolivero1e | |
| Choixx | 2023-05-21 09:56:18 UTC | CC | maxiomalimo+mola953 | |
| Alan Luiz | 2023-05-26 04:30:41 UTC | CC | KalebRamirez2020 | |
| Davit Jack | 2023-06-19 12:31:52 UTC | CC | davitjack508 | |
| Nicholson | 2023-07-05 22:55:26 UTC | CC | saleenajohn2023 | |
| Jonathan Wakely | 2023-07-10 08:46:53 UTC | Comment 9 Tag | spam | |
| Jonathan Wakely | 2023-07-10 08:46:55 UTC | Comment 8 Tag | spam | |
| Jonathan Wakely | 2023-07-10 08:46:59 UTC | Comment 7 Tag | spam | |
| Jonathan Wakely | 2023-07-10 08:47:02 UTC | Comment 6 Tag | spam | |
| Jonathan Wakely | 2023-07-10 08:47:05 UTC | Comment 5 Tag | spam | |
| Ada Xavier | 2023-07-31 12:46:14 UTC | CC | adaxvier | |
| Jonathan Wakely | 2023-08-10 15:40:50 UTC | Comment 10 Tag | spam | |
| Jonathan Wakely | 2023-08-10 15:41:02 UTC | CC | jwakely |
Back to bug 1895419