CVE-2024-48901

Published: Nov 18, 2024Modified: Nov 20, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.

Affected (4)

Products: Moodle: Moodle

Moodle

1 product

Moodle

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Up to 4.1.14
Moodle Moodle	From 4.2.0 to 4.2.11
Moodle Moodle	From 4.3.0 to 4.3.8
Moodle Moodle	From 4.4.0 to 4.4.4

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://bugzilla.redhat.com/show_bug.cgi?id=2318817

Source: secalert@redhat.com

Issue Tracking

Timeline

No history available yet.