Moderate severityOSV Advisory· Published Nov 18, 2024
Moodle: some users can delete audiences of other reports
CVE-2024-48898
Description
A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | < 4.1.14 | 4.1.14 |
moodle/moodlePackagist | >= 4.2.0, < 4.2.11 | 4.2.11 |
moodle/moodlePackagist | >= 4.3.0, < 4.3.8 | 4.3.8 |
moodle/moodlePackagist | >= 4.4.0, < 4.4.4 | 4.4.4 |
Affected products
3- osv-coords2 versions
< 4.1.19+ 1 more
- (no CPE)range: < 4.1.19
- (no CPE)range: < 4.1.14
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-fjq9-452g-jg3qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-48898ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsaissue-trackingx_refsource_REDHATWEB
News mentions
0No linked articles in our index yet.