GoogleOSV:GHSA-9R26-5W88-QHP9Authorization Bypass in moodle
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.5%
Insufficient checks in a web service made it possible to add comments to the comments block on another user’s dashboard when it was not otherwise available (e.g., on their profile page).
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300
bugzilla.redhat.com/show_bug.cgi?id=2264099
github.com/moodle/moodle
github.com/moodle/moodle/commit/4cae44dd0e9a7da47d08d9b75e0ebba0e4b422f4
lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB
moodle.org/mod/forum/discuss.php?d=455641
nvd.nist.gov/vuln/detail/CVE-2024-25983
Related
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.5%