exploitDog

GHSA-hcm6-q6pc-xfhm

Опубликовано: 03 фев. 2026

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Moodle has an authorization logic flaw

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.

Ссылки

Пакеты

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

< 4.1.22

4.1.22

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.4.0-beta, < 4.4.12

4.4.12

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.5.0-beta, < 4.5.8

4.5.8

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 5.0.0-beta, < 5.0.4

5.0.4

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 5.1.0-beta, < 5.1.1

5.1.1

EPSS

Процентиль: 1%

0.00011

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-863

Связанные уязвимости

CVE-2025-67856

CVSS3: 5.4

ubuntu

4 дня назад

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.

CVE-2025-67856

CVSS3: 5.4

nvd

4 дня назад

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.

CVE-2025-67856

CVSS3: 5.4

debian

4 дня назад

A flaw was found in Moodle. An authorization logic flaw, specifically ...

EPSS

Процентиль: 1%

0.00011

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-863