CVE-2024-48900

MEDIUM4.3EPSS 0.26%

Moodle: idor when accessing list of badge recipients

發布日:2024/11/13修改日:2025/6/13

描述

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

受影響套件(2)

Bitnami/moodle>= 4.4.0, < 4.4.4
Packagist/moodle/moodle>= 4.4.0, < 4.4.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-48900
PATCHhttps://github.com/moodle/moodle
WEBhttp://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83178
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2318818
WEBhttps://moodle.org/mod/forum/discuss.php?d=462879