Lucene search
HistoryFeb 19, 2024 - 5:15 p.m.
CVE-2024-25983
web service
unauthorized access
comment block
CVSS3
3.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
AI Score
4.2
Confidence
High
EPSS
0
Percentile
15.5%
Insufficient checks in a web service made it possible to add comments to the comments block on another user’s dashboard when it was not otherwise available (e.g., on their profile page).
Related
cvelist
cvelist
CVE-2024-25983 Msa-24-0006: idor on dashboard comments block
2024-02-19 16:32:58
ubuntucve
ubuntucve
CVE-2024-25983
2024-02-19 00:00:00
veracode
veracode
Authorization Bypass
2024-04-02 11:56:39
github
github
Authorization Bypass in moodle
2024-02-19 18:31:32
osv
osv
BIT-moodle-2024-25983
2024-03-31 18:22:02
Authorization Bypass in moodle
2024-02-19 18:31:32
vulnrichment
vulnrichment
CVE-2024-25983 Msa-24-0006: idor on dashboard comments block
2024-02-19 16:32:58
cve
cve
CVE-2024-25983
2024-02-19 17:15:09
prion
prion
Input validation
2024-02-19 17:15:00
openvas
openvas
Fedora: Security Advisory for moodle (FEDORA-2024-d2f180202f)
2024-03-01 00:00:00
Moodle 4.1.x < 4.1.9, 4.2.x < 4.2.5, 4.3.x < 4.3.3 Multiple Vulnerabilities
2024-02-20 00:00:00
nessus
nessus
Fedora 38 : moodle (2024-d2f180202f)
2024-02-29 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: moodle-4.1.9-1.fc38
2024-02-29 02:00:34
CVSS3
3.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
AI Score
4.2
Confidence
High
EPSS
0
Percentile
15.5%
Related for NVD:CVE-2024-25983