CVE-2024-45689

MEDIUM6.5EPSS 0.13%

Moodle allows users to retrieve information they did not have permission to access

發布日:2024/11/20修改日:2025/6/4

也稱為:GHSA-j822-x5gg-5r56BIT-moodle-2024-45689

描述

A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access.

受影響套件(2)

Bitnami/moodlefrom 0, < 4.1.13, >= 4.2.0, < 4.2.10, >= 4.3.0, < 4.3.7, >= 4.4.0, < 4.4.3
Packagist/moodle/moodlefrom 0, < 4.1.13

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-45689
PATCHhttps://github.com/moodle/moodle
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2309941
WEBhttps://github.com/moodle/moodle/commit/bb466df202a4b4a692006298f93cbba20566949c
WEBhttps://moodle.org/mod/forum/discuss.php?d=461894#p1854491