GoogleOSV:GHSA-JFRG-9HPQ-9HVPImproper Access Control in moodle
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.5%
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504
bugzilla.redhat.com/show_bug.cgi?id=2264097
github.com/moodle/moodle
github.com/moodle/moodle/commit/1c059cb3fe39da46959e912dc671844dd204e83b
lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB
moodle.org/mod/forum/discuss.php?d=455637
nvd.nist.gov/vuln/detail/CVE-2024-25981
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.5%