PT-2024-8862 · Moodle+1 · Moodle+1

Published: 2024-10-09 · Updated: 2025-06-13 · CVE-2024-48900

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified)
Description: The issue is related to the use of insecure direct object references in Moodle, resulting from incorrect access control. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is associated with the viewing of badge recipients, where additional checks are required to ensure users can only access lists of those they are intended to have access to.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2024-16385
ALT-PU-2024-16417
BDU:2024-10528
BIT-MOODLE-2024-48900
CVE-2024-48900
GHSA-G8R3-2V89-J6R5

Affected Products

Alt Linux
Moodle