CVE-2024-48901

MEDIUM4.3EPSS 0.23%

moodle: IDOR when fetching report schedules

發布日:2024/11/18修改日:2024/11/21

也稱為:GHSA-mg54-p2wj-5ph7BIT-moodle-2024-48901

描述

A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.

受影響套件(2)

Bitnami/moodlefrom 0, < 4.1.19, >= 4.2.0, < 4.4.9
Packagist/moodle/moodlefrom 0, < 4.1.14

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-48901
PATCHhttps://github.com/moodle/moodle
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2318817