GoogleOSV:GHSA-CP8M-H777-G4P3Improper Access Control in moodle
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.5%
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501
bugzilla.redhat.com/show_bug.cgi?id=2264096
github.com/moodle/moodle
github.com/moodle/moodle/commit/662192fcecdefdaae79f55db96bd64dbcdeef85b
lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB
moodle.org/mod/forum/discuss.php?d=455636
nvd.nist.gov/vuln/detail/CVE-2024-25980
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.5%