Description
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Redirect Manager Cross-Site Scripting (2.18.18)
WordPress Plugin WordPress+Microsoft Office 365/Azure AD-LOGIN Unspecified Vulnerability (11.6)
MySQL CVE-2021-2196 Vulnerability (CVE-2021-2196)
WordPress Plugin Glass Cross-Site Request Forgery (1.3.2)
WordPress Plugin Media File Manager Multiple Vulnerabilities (1.4.2)