Lucene search
GitHub Advisory DatabaseGHSA-X29X-QWVX-FXR2HistoryJun 18, 2024 - 9:30 p.m.
Moodle BigBlueButton web service leaks meeting joining information
2024-06-1821:30:36
CWE-284
GitHub Advisory Database
github.com
3
moodle
bigbluebutton
web service
meeting information
capability checks
unauthorized access.
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
Affected configurations
Node
moodlemoodleRange<4.1.11
ORmoodlemoodleRange<4.2.8
ORmoodlemoodleRange<4.3.5
ORmoodlemoodleRange<4.4.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 4.1.11 | |
| moodle/moodle | lt | 4.2.8 | |
| moodle/moodle | lt | 4.3.5 | |
| moodle/moodle | lt | 4.4.1 |
References
github.com/advisories/GHSA-x29x-qwvx-fxr2
github.com/moodle/moodle/commit/500cec575731fd8575569dcb5811535751dddae1
github.com/moodle/moodle/commit/647b9dc06409211018c9f28581504d096ce9e3a8
github.com/moodle/moodle/commit/6c0645ca29b195b5caaffc27d80f2ff715c33a48
github.com/moodle/moodle/commit/a10506b8d70609478fef156d489e0c7d727b6098
lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6
lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E
moodle.org/mod/forum/discuss.php?d=459498
nvd.nist.gov/vuln/detail/CVE-2024-38273
Related
veracode
veracode
Unauthorized Access
2024-06-19 04:01:53
vulnrichment
vulnrichment
ubuntucve
ubuntucve
CVE-2024-38273
2024-06-18 00:00:00
nvd
nvd
CVE-2024-38273
2024-06-18 20:15:13
cvelist
cvelist
osv
osv
Moodle BigBlueButton web service leaks meeting joining information
2024-06-18 21:30:36
cve
cve
CVE-2024-38273
2024-06-18 20:15:13
openvas
openvas