#VU46837 Permissions, Privileges, and Access Controls in Moodle - CVE-2020-25630

 


Published: September 21, 2020


Vulnerability identifier: #VU46837
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-25630
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Moodle
Software vendor:
moodle.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the decompressed size of zip files is not checked against the available user quota before they are unzipped by the file picker unzip functionality. A remote attacker can trick the victim into unzipping a large archive and perform a denial of service (DoS) attack.
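The missing control described above, a quota check made before an archive is unpacked, is sketched below in Python as an added example; it is not Moodle's code or the vendor's fix. The function names, the `remaining_quota` parameter and the in-memory sample archives are assumptions made for illustration.

```python
import io
import zipfile


class QuotaExceeded(Exception):
    """Raised when unpacking an archive would exceed the remaining quota."""


def declared_size(zf: zipfile.ZipFile) -> int:
    """Sum the uncompressed sizes declared in the archive's central directory."""
    return sum(i.file_size for i in zf.infolist() if not i.is_dir())


def extract_within_quota(data: bytes, remaining_quota: int,
                         chunk: int = 64 * 1024) -> dict:
    """Return {name: content} for the archive, or raise QuotaExceeded.

    Check 1: refuse before unpacking if the declared total exceeds the quota.
    Check 2: count the bytes actually produced as a second guard, because the
    declared sizes are supplied by the archive itself.
    """
    out, written = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        total = declared_size(zf)
        if total > remaining_quota:
            raise QuotaExceeded(f"declared {total} bytes > quota {remaining_quota}")
        for info in zf.infolist():
            if info.is_dir():
                continue
            buf = bytearray()
            with zf.open(info) as member:
                # Read in bounded chunks so the limit is enforced as data appears.
                while block := member.read(chunk):
                    written += len(block)
                    if written > remaining_quota:
                        raise QuotaExceeded("extracted bytes exceed quota")
                    buf += block
            out[info.filename] = bytes(buf)
    return out


def make_zip(files: dict) -> bytes:
    """Build a constructed sample archive in memory (test data only)."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return bio.getvalue()
```

The upload size alone is not a usable proxy for the space an archive will consume, which is why the check runs on the decompressed total.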


Remediation

Install updates from vendor's website.
