CVE-2024-48898

EPSS 0.23%
Veröffentlicht 18.11.2024 12:15:18
Zuletzt bearbeitet 20.11.2024 14:46:16
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Moodle: some users can delete audiences of other reports

Some users can delete audiences of other reports

A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.

Mögliche Gegenmaßnahme

Moodle Server: Update to a patched version.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moodle ≫ Moodle Version <= 4.1.14

Moodle ≫ Moodle Version >= 4.2.0 <= 4.2.11

Moodle ≫ Moodle Version >= 4.3.0 <= 4.3.8

Moodle ≫ Moodle Version >= 4.4.0 <= 4.4.4

Weitere Schwachstelleninformationen

SystemMoodle

≫

Produkt Moodle Server

Version < 4.1.0

Version >= 4.4.0, < 4.4.4

Version >= 4.3.0, < 4.3.8

Version >= 4.2.0, < 4.2.11

Version >= 4.1.0, < 4.1.14

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.455

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://bugzilla.redhat.com/show_bug.cgi?id=2318820

Issue Tracking

https://moodle.org/mod/forum/discuss.php?d=462877

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-48898

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-48898

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-48898

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-48898