CVE-2024-1439
Inadequate access control vulnerability in Moodle
6.5
MEDIUM
CVSS 3.1
EPSS 0.07%
Description
Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.
How to fix CVE-2024-1439
To remediate CVE-2024-1439, upgrade the affected package to a fixed version listed below.
- upgrade to 4.3.4 or later
- no fix listed
Is CVE-2024-1439 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.3.4
- from 0, <= 4.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |