CVE-2024-1439

MEDIUM6.5EPSS 0.07%

Inadequate access control vulnerability in Moodle

發布日:2024/2/12修改日:2025/8/20

描述

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.

受影響套件(2)

Bitnami/moodlefrom 0, < 4.3.4
Packagist/moodle/moodlefrom 0, <= 4.2.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-1439
PATCHhttps://github.com/moodle/moodle
WEBhttps://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-vulnerability-moodle