Описание
Moodle BigBlueButton web service leaks meeting joining information
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-38273
- https://github.com/moodle/moodle/commit/500cec575731fd8575569dcb5811535751dddae1
- https://github.com/moodle/moodle/commit/647b9dc06409211018c9f28581504d096ce9e3a8
- https://github.com/moodle/moodle/commit/6c0645ca29b195b5caaffc27d80f2ff715c33a48
- https://github.com/moodle/moodle/commit/a10506b8d70609478fef156d489e0c7d727b6098
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E
- https://moodle.org/mod/forum/discuss.php?d=459498
Пакеты
moodle/moodle
>= 4.4.0-beta, < 4.4.1
4.4.1
moodle/moodle
>= 4.3.0-beta, < 4.3.5
4.3.5
moodle/moodle
>= 4.2.0-beta, < 4.2.8
4.2.8
moodle/moodle
< 4.1.11
4.1.11
Связанные уязвимости
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
Insufficient capability checks meant it was possible for users to gain ...
Уязвимость виртуальной обучающей среды Moodle, связанная с предоставлением конфиденциальной информации неавторизованному лицу, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
