← Back

CVE-2025-3636

nvd nist
Published: Apr 25, 2025Modified: Jun 24, 2025

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: patrick@puiterwijk.org (Secondary)

Description

A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.

Affected (4)

Products: Moodle: Moodle
Moodle
1 product
Moodle
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Moodle
Moodle
Before 4.1.18
Moodle
From 4.3.0 to 4.3.12
Moodle
From 4.4.0 to 4.4.8
Moodle
From 4.5.0 to 4.5.4

Related CWEs

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (3)

Source: patrick@puiterwijk.org
Patch
Source: patrick@puiterwijk.org
Third Party Advisory
Source: patrick@puiterwijk.org
Issue Tracking

Timeline

No history available yet.