CVE-2024-48899

Published: Nov 20, 2024Modified: Jun 2, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

Affected (1)

Products: Moodle: Moodle

Moodle

1 product

Moodle

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	From 4.4.0 to 4.4.4

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

https://bugzilla.redhat.com/show_bug.cgi?id=2318819

Source: patrick@puiterwijk.org

Issue Tracking

Timeline

No history available yet.