CVE-2024-25983

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-25983
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25983.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-25983
Aliases
Downstream
Published
2024-02-19T17:15:09.697Z
Modified
2026-03-13T07:52:11.943304Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
0ea3d45e04c3d54a3a472ddcb11606b30e227c50
Fixed
8a38a37f1ff5075c6f46d726c1457172c2fccac3
Introduced
ae4efa96ee8169a848c141ad21690165ea791552
Fixed
6acc0648d89d134e3cb7332bbc3236b68b45f268
Introduced
fe7aff8093240cc373f1ddaa66ecb91c4bc0a09f
Fixed
0f84dd778b20ba0f456a0562c98c2a020c9b1403
Database specific 
{
    "versions": [
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.9"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.6"
        },
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.3.3"
        }
    ]
}

Affected versions

v4.*
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.2.0
v4.2.0-beta
v4.2.0-rc1
v4.2.0-rc2
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.3.0
v4.3.0-beta
v4.3.0-rc1
v4.3.0-rc2
v4.3.1
v4.3.2

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "38"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25983.json"