A vulnerability in the Microsoft Office 365 plugin for the Moodle learning platform allows attackers to bypass security controls and impersonate other users. Under the right conditions, this can lead to full administrator access.
What is the issue?
An attacker who knows or can determine the User Principal Name (UPN) of an Office 365-authenticated Moodle user can impersonate that account, gaining all permissions associated with it. Schools, universities, and organizations running Moodle with Azure AD or Microsoft Entra ID should assess their exposure.
What to do
If you use the plugin, check for an updated version from the vendor and apply it as soon as possible. In the meantime, review your access logs for suspicious login activity and enable multi-factor authentication where available.