BIT-moodle-2024-48900

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2024-48900.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-moodle-2024-48900

Aliases

CVE-2024-48900
GHSA-g8r3-2v89-j6r5

Published

2025-06-13T06:12:34.451Z

Modified

2025-06-13T06:57:33.962789Z

Summary

Moodle: idor when accessing list of badge recipients

Details

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ]
}

References

https://bugzilla.redhat.com/show_bug.cgi?id=2318818
https://nvd.nist.gov/vuln/detail/CVE-2024-48900

Affected packages

Bitnami / moodle

Package

Name: moodle
Purl: pkg:bitnami/moodle

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

4.4.0

Fixed

4.4.4