Lucene search
GoogleOSV:BIT-MOODLE-2024-25980HistoryMar 31, 2024 - 6:22 p.m.
BIT-moodle-2024-25980
2024-03-3118:22:30
Google
osv.dev
11
separate groups
h5p attempts
access control
user privacy
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
7
Confidence
Low
EPSS
0
Percentile
15.5%
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
Related
github
github
Improper Access Control in moodle
2024-02-19 18:31:32
nvd
nvd
CVE-2024-25980
2024-02-19 17:15:09
veracode
veracode
Improper Access Control
2024-04-02 10:56:34
vulnrichment
vulnrichment
ubuntucve
ubuntucve
CVE-2024-25980
2024-02-19 00:00:00
cvelist
cvelist
osv
osv
Improper Access Control in moodle
2024-02-19 18:31:32
prion
prion
Default configuration
2024-02-19 17:15:00
cve
cve
CVE-2024-25980
2024-02-19 17:15:09
nessus
nessus
Fedora 38 : moodle (2024-d2f180202f)
2024-02-29 00:00:00
openvas
openvas
Moodle 4.1.x < 4.1.9, 4.2.x < 4.2.5, 4.3.x < 4.3.3 Multiple Vulnerabilities
2024-02-20 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2024-d2f180202f)
2024-03-01 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: moodle-4.1.9-1.fc38
2024-02-29 02:00:34
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
7
Confidence
Low
EPSS
0
Percentile
15.5%
Related for OSV:BIT-MOODLE-2024-25980