Description
In Moodle, users' enrollment capabilities were not sufficiently checked when they were restored into an existing course. This could allow them to unenroll users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
Remediation
References
Related Vulnerabilities
MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4302)
WordPress Plugin mb.YTPlayer for background videos Unspecified Vulnerability (1.7.2)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1829)
PHP 4.3.0 file disclosure and possible code execution
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28923)