ghsa-cp8m-h777-g4p3
Vulnerability from github
Published
2024-02-19 18:31
Modified
2024-02-29 03:33
Severity
Summary
Improper Access Control in moodle
Details
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
{ "affected": [ { "package": { "ecosystem": "Packagist", "name": "moodle/moodle" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Packagist", "name": "moodle/moodle" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "fixed": "4.2.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Packagist", "name": "moodle/moodle" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.1.9" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-25980" ], "database_specific": { "cwe_ids": [ "CWE-284" ], "github_reviewed": true, "github_reviewed_at": "2024-02-21T00:06:04Z", "nvd_published_at": "2024-02-19T17:15:09Z", "severity": "MODERATE" }, "details": "Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.", "id": "GHSA-cp8m-h777-g4p3", "modified": "2024-02-29T03:33:06Z", "published": "2024-02-19T18:31:32Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25980" }, { "type": "WEB", "url": "https://github.com/moodle/moodle/commit/662192fcecdefdaae79f55db96bd64dbcdeef85b" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264096" }, { "type": "PACKAGE", "url": "https://github.com/moodle/moodle" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB" }, { "type": "WEB", "url": "https://moodle.org/mod/forum/discuss.php?d=455636" }, { "type": "WEB", "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-80501" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ], "summary": "Improper Access Control in moodle" }
Loading...