GHSA-r4xr-m393-778m

Опубликовано: 20 нояб. 2024

Источник: github

Github: Прошло ревью

CVSS4: 5.3

CVSS3: 4.3

Описание

Moodle IDOR when accessing list of course badges

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

Ссылки

Пакеты

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.4.0-beta, < 4.4.3

4.4.3

EPSS

Процентиль: 15%

0.00048

Низкий

5.3 Medium

CVSS4

4.3 Medium

CVSS3

CVE ID

CVE-2024-48899

Дефекты

CWE-284

CWE-639

Связанные уязвимости

CVE-2024-48899

CVSS3: 4.3

ubuntu

7 месяцев назад

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

CVE-2024-48899

CVSS3: 4.3

nvd

7 месяцев назад

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

CVE-2024-48899

CVSS3: 4.3

debian

7 месяцев назад

A vulnerability was found in Moodle. Additional checks are required to ...

EPSS

Процентиль: 15%

0.00048

Низкий

5.3 Medium

CVSS4

4.3 Medium

CVSS3

CVE ID

CVE-2024-48899

Дефекты

CWE-284

CWE-639