Home > Vulnerability Database > CVE-2024-1439

Mend.io Vulnerability Database

CVE-2024-1439

Date: February 12, 2024

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.

Language: PHP

Severity Score

6.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-1439

Url: https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-vulnerability-moodle

Url: https://github.com/moodle/moodle

Url: https://www.mend.io/vulnerability-database/CVE-2024-1439

Severity Score

6.5

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-1439

Date: February 12, 2024

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?