GHSA-x29x-qwvx-fxr2

Опубликовано: 18 июн. 2024

Источник: github

Github: Прошло ревью

CVSS4: 5.3

CVSS3: 4.3

Описание

Moodle BigBlueButton web service leaks meeting joining information

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.

Ссылки

Пакеты

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.4.0-beta, < 4.4.1

4.4.1

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.3.0-beta, < 4.3.5

4.3.5

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.2.0-beta, < 4.2.8

4.2.8

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

< 4.1.11

4.1.11

EPSS

Процентиль: 34%

0.00135

Низкий

5.3 Medium

CVSS4

4.3 Medium

CVSS3

CVE ID

CVE-2024-38273

Дефекты

CWE-284

Связанные уязвимости

CVE-2024-38273

CVSS3: 5.4

ubuntu

около 1 года назад

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.

CVE-2024-38273

CVSS3: 5.4

nvd

около 1 года назад

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.

CVE-2024-38273

CVSS3: 5.4

debian

около 1 года назад

Insufficient capability checks meant it was possible for users to gain ...

EPSS

Процентиль: 34%

0.00135

Низкий

5.3 Medium

CVSS4

4.3 Medium

CVSS3

CVE ID

CVE-2024-38273

Дефекты

CWE-284