CVE-2024-48899

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-48899

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-48899.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-48899

Aliases

Downstream

UBUNTU-CVE-2024-48899

Published

2024-11-20T10:25:58.315Z

Modified

2026-05-18T05:57:18.237940007Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Moodle: idor when accessing list of course badges

Details

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

Database specific

{
    "cwe_ids": [
        "CWE-284"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/48xxx/CVE-2024-48899.json",
    "cna_assigner": "fedora",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "4.4.0"
                },
                {
                    "fixed": "4.4.4"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

ee91c6536f99e1633e2245780c4fe7f47340ed66

Fixed

d7e3bea9fa95ff686b370969cc1bcc3fca0919bf

Database specific

{
    "extracted_events": [
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.4"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
}

Affected versions

v4.*

v4.4.0

v4.4.1

v4.4.2

v4.4.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-48899.json"