GHSA-r4xr-m393-778m

Source
https://github.com/advisories/GHSA-r4xr-m393-778m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-r4xr-m393-778m/GHSA-r4xr-m393-778m.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-r4xr-m393-778m
Aliases
  • CVE-2024-48899
Published
2024-11-20T12:30:35Z
Modified
2024-11-20T22:00:57.954807Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Moodle IDOR when accessing list of course badges
Details

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

Database specific
{
    "nvd_published_at": "2024-11-20T11:15:05Z",
    "cwe_ids": [
        "CWE-284",
        "CWE-639"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-20T18:25:30Z"
}
References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0-beta
Fixed
4.4.3

Affected versions

v4.*

v4.4.0-beta
v4.4.0-rc1
v4.4.0-rc2
v4.4.0
v4.4.1
v4.4.2