CVE-2024-48900

EPSS 0.26%
Veröffentlicht 13.11.2024 15:15:07
Zuletzt bearbeitet 13.06.2025 00:33:54
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Moodle: idor when accessing list of badge recipients

IDOR when accessing list of badge recipients

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

Mögliche Gegenmaßnahme

Moodle Server: Update to a patched version.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moodle ≫ Moodle Version >= 4.4.0 < 4.4.4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemMoodle

≫

Produkt Moodle Server

Version >= 4.4.0, < 4.4.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.499

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://bugzilla.redhat.com/show_bug.cgi?id=2318818

Issue Tracking

https://moodle.org/mod/forum/discuss.php?d=462879

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-48900

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-48900

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-48900

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-48900