GHSA-g8r3-2v89-j6r5

Опубликовано: 13 нояб. 2024

Источник: github

Github: Прошло ревью

CVSS4: 5.3

Описание

Moodle IDOR when accessing list of badge recipients

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

Ссылки

Пакеты

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.4.0, < 4.4.4

4.4.4

EPSS

Процентиль: 15%

0.0005

Низкий

5.3 Medium

CVSS4

CVE ID

CVE-2024-48900

Дефекты

CWE-200

Связанные уязвимости

CVE-2024-48900

CVSS3: 4.3

ubuntu

7 месяцев назад

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

CVE-2024-48900

CVSS3: 4.3

nvd

7 месяцев назад

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

CVE-2024-48900

CVSS3: 4.3

debian

7 месяцев назад

A vulnerability was found in Moodle. Additional checks are required to ...

BDU:2024-10528

CVSS3: 7.3

fstec

8 месяцев назад

Уязвимость виртуальной обучающей среды Moodle, связанная с использованием небезопасных прямых ссылок на объекты, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 15%

0.0005

Низкий

5.3 Medium

CVSS4

CVE ID

CVE-2024-48900

Дефекты

CWE-200