CVE-2024-25981

Published: Feb 19, 2024Modified: Jan 23, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.

Affected (4)

Products: Moodle: Moodle · Fedoraproject: Fedora

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	From 4.1.0 to 4.1.9
Moodle Moodle	From 4.2.0 to 4.2.6
Moodle Moodle	From 4.3.0 to 4.3.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 38

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504

Source: patrick@puiterwijk.org

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2264097

Source: patrick@puiterwijk.org

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/

Source: patrick@puiterwijk.org

Mailing List

https://moodle.org/mod/forum/discuss.php?d=455637

Source: patrick@puiterwijk.org

Vendor Advisory

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2264097

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://moodle.org/mod/forum/discuss.php?d=455637

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.