Home > Vulnerability Database > CVE-2024-48899

Mend.io Vulnerability Database

CVE-2024-48899

Good to know:

Date: November 20, 2024

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

Language: PHP

Severity Score

4.3

Related Resources (6)

Url: https://moodle.org/mod/forum/discuss.php?d=462878#p1858337

Url: https://github.com/moodle/moodle

Url: https://github.com/moodle/moodle/commit/07ad4b8ebc715056056e01f2175820bfce6b290f

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2318819

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-48899

Url: https://www.mend.io/vulnerability-database/CVE-2024-48899

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version moodle/moodle-v4.4.4

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-48899

Good to know:

Date: November 20, 2024

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?