CVE-2024-48897

Published: Nov 18, 2024Modified: Nov 20, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.

Affected (4)

Products: Moodle: Moodle

Moodle

1 product

Moodle

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Up to 4.1.14
Moodle Moodle	From 4.2.0 to 4.2.11
Moodle Moodle	From 4.3.0 to 4.3.8
Moodle Moodle	From 4.4.0 to 4.4.4

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://bugzilla.redhat.com/show_bug.cgi?id=2318821

Source: secalert@redhat.com

Issue Tracking

Timeline

No history available yet.