BIT-moodle-2024-1439

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2024-1439.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-moodle-2024-1439

Aliases

CVE-2024-1439
GHSA-5p2x-8427-9fgp

Published

2024-10-11T07:11:50.099Z

Modified

2024-11-27T19:40:48.342Z

Summary

[none]

Details

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.

Database specific

{
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-vulnerability-moodle

Affected packages

Bitnami / moodle

Package

Name: moodle
Purl: pkg:bitnami/moodle

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.11