4.3
CVE-2025-3645
- EPSS 0.3%
- Veröffentlicht 25.04.2025 14:43:15
- Zuletzt bearbeitet 24.06.2025 15:59:22
- Quelle patrick@puiterwijk.org
- CVE-Watchlists
- Unerledigt
Moodle: idor in messaging web service allows access to some user details
IDOR in messaging web service allows access to some user details
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Mögliche Gegenmaßnahme
Moodle Server: Update to a patched version.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Weitere Schwachstelleninformationen
SystemMoodle
≫
Produkt
Moodle Server
Version
< 4.1.0
Version
>= 4.5.0, < 4.5.4
Version
>= 4.4.0, < 4.4.8
Version
>= 4.3.0, < 4.3.12
Version
>= 4.1.0, < 4.1.18
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.218 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| patrick@puiterwijk.org | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
https://access.redhat.com/security/cve/CVE-2025-3645
https://bugzilla.redhat.com/show_bug.cgi?id=2359761
https://moodle.org/mod/forum/discuss.php?d=467606
https://moodle.org/mod/forum/discuss.php?d=467606