Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-48901

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-18 Nov, 2024 | 11:15
Updated At-18 Nov, 2024 | 14:56
Rejected At-
Credits

Moodle: idor when fetching report schedules

A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:18 Nov, 2024 | 11:15
Updated At:18 Nov, 2024 | 14:56
Rejected At:
▼CVE Numbering Authority (CNA)
Moodle: idor when fetching report schedules

A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.

Affected Products
Collection URL
https://moodle.org/
Package Name
moodle
Default Status
unaffected
Versions
Affected
  • From 4.4.0 before 4.4.4 (semver)
  • From 4.3.0 before 4.3.8 (semver)
  • From 4.2.0 before 4.2.11 (semver)
  • From 4.1.0 before 4.1.14 (semver)
  • From 0 before 4.1.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-285Improper Authorization
Type: CWE
CWE ID: CWE-285
Description: Improper Authorization
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Reported to Red Hat.2024-10-15 17:23:08
Made public.2024-10-15 00:00:00
Event: Reported to Red Hat.
Date: 2024-10-15 17:23:08
Event: Made public.
Date: 2024-10-15 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.redhat.com/show_bug.cgi?id=2318817
issue-tracking
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2318817
Resource:
issue-tracking
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:18 Nov, 2024 | 12:15
Updated At:20 Nov, 2024 | 14:45

A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Moodle Pty Ltd
moodle
>>moodle>>Versions up to 4.1.14(inclusive)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>Versions from 4.2.0(inclusive) to 4.2.11(inclusive)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>Versions from 4.3.0(inclusive) to 4.3.8(inclusive)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>Versions from 4.4.0(inclusive) to 4.4.4(inclusive)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-863Primarynvd@nist.gov
CWE-285Secondarysecalert@redhat.com
CWE ID: CWE-863
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-285
Type: Secondary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugzilla.redhat.com/show_bug.cgi?id=2318817secalert@redhat.com
Issue Tracking
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2318817
Source: secalert@redhat.com
Resource:
Issue Tracking

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found