VYPR
Moderate severityOSV Advisory· Published Nov 18, 2024

Moodle: idor when fetching report schedules

CVE-2024-48901

Description

A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
moodle/moodlePackagist
< 4.1.144.1.14
moodle/moodlePackagist
>= 4.2.0, < 4.2.114.2.11
moodle/moodlePackagist
>= 4.3.0, < 4.3.84.3.8
moodle/moodlePackagist
>= 4.4.0, < 4.4.44.4.4

Affected products

3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.