CVE-2024-43431 Moodle: idor in badges allows deletion of arbitrary badges

🗓️ 07 Nov 2024 13:27:07Reported by fedoraType

Moodle vulnerability allows deletion of arbitrary badge

Reporter	Title	Published	Views	Family All 51
BDU FSTEC	The vulnerability of the virtual learning environment Moodle, related to the lack of authentication, allows a violator to delete data.	14 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-43431	7 Nov 202413:30	–	circl
CNNVD	Moodle 安全漏洞	7 Nov 202400:00	–	cnnvd
CVE	CVE-2024-43431	7 Nov 202413:27	–	cve
EUVD	EUVD-2024-3324	3 Oct 202520:07	–	euvd
Github Security Blog	Moodle's IDOR in badges allows deletion of arbitrary badges	7 Nov 202415:31	–	github
NVD	CVE-2024-43431	7 Nov 202414:15	–	nvd
OpenVAS	Moodle < 4.1.12, 4.2.x < 4.2.9, 4.3.x < 4.3.6, 4.4.x < 4.4.2 Multiple Vulnerabilities	21 Aug 202400:00	–	openvas
OSV	BIT-MOODLE-2024-43431 Moodle: idor in badges allows deletion of arbitrary badges	2 May 202506:18	–	osv
OSV	GHSA-WWJF-GWRV-WH45 Moodle's IDOR in badges allows deletion of arbitrary badges	7 Nov 202415:31	–	osv

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.1.12",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.2",
        "lessThan": "4.2.9",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.3",
        "lessThan": "4.3.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.4",
        "lessThan": "4.4.2",
        "versionType": "semver"
      }
    ],
    "packageName": "moodle",
    "collectionURL": "https://github.com/moodle/moodle",
    "defaultStatus": "unaffected"
  }
]

Source	Link
moodle	www.moodle.org/mod/forum/discuss.php
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

07 Nov 2024 13:27Current

CVSS 3.17.5

EPSS0.00457