Privilege Escalation Vulnerability in Moodle by Moodle
CVE-2020-14321

8.8HIGH

Key Information:

Vendor: Moodle
Status: Moodle
Vendor: CVE Published:; 16 August 2022

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 39%

What is CVE-2020-14321?

In Moodle versions prior to 3.9.1, 3.8.4, 3.7.7, and 3.5.13, a vulnerability exists that allows teachers to improperly assign themselves manager roles within their courses. This privilege escalation can lead to unauthorized access and management of course content, posing a significant risk to the integrity of educational environments. Mitigation through updates is essential to maintain secure learning management systems.

Affected Version(s)

Moodle Moodle 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and earlier unsupported versions

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-14321
Created by HoangKien1020

CVE-2020-14321
Created by lanzt

CVE-2020-14321-modified-exploit
Created by f0ns1

References

https://moodle.org/mod/forum/discuss.php?d=407393

EPSS Score

39% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2022
🟡
Public PoC available
Feb 1, 2022
👾
Exploit known to exist
Feb 1, 2022
Vulnerability Reserved
Jun 17, 2020

CVE-2020-14321 Data

JSON