GHSA-p9cx-f595-h79h

Опубликовано: 07 нояб. 2024

Источник: github

Github: Прошло ревью

CVSS4: 6.6

CVSS3: 7.5

Описание

Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.

Ссылки

Пакеты

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

< 4.1.12

4.1.12

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.2.0-beta, < 4.2.9

4.2.9

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.3.0-beta, < 4.3.6

4.3.6

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.4.0-beta, < 4.4.2

4.4.2

EPSS

Процентиль: 35%

0.0014

Низкий

6.6 Medium

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2024-43438

Дефекты

CWE-639

CWE-863

Связанные уязвимости

CVE-2024-43438

CVSS3: 7.5

ubuntu

9 месяцев назад

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.

CVE-2024-43438

CVSS3: 7.5

nvd

9 месяцев назад

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.

CVE-2024-43438

CVSS3: 7.5

debian

9 месяцев назад

A flaw was found in Feedback. Bulk messaging in the activity's non-res ...

EPSS

Процентиль: 35%

0.0014

Низкий

6.6 Medium

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2024-43438

Дефекты

CWE-639

CWE-863