{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25981", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-02-13T18:10:15.371Z", "datePublished": "2024-02-19T16:32:28.338Z", "dateUpdated": "2024-08-01T23:52:06.441Z"}, "containers": {"cna": {"title": "Msa-24-0004: forum export did not respect activity group settings", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers."}], "affected": [{"versions": [{"status": "affected", "version": "4.3.0", "lessThan": "4.3.3", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.6", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "4.1.9", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://git.moodle.org", "defaultStatus": "unaffected"}], "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264097", "name": "RHBZ#2264097", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=455637"}], "datePublic": "2024-02-19T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "Improper Access Control", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-284: Improper Access Control", "timeline": [{"lang": "en", "time": "2024-02-13T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-19T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Leon Stringer for reporting this issue."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:50:56.914Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25981", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:54:36.601394Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:56.564Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.441Z"}, "title": "CVE Program Container", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264097", "name": "RHBZ#2264097", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/", "tags": ["x_transferred"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=455637", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264097", "name": "RHBZ#2264097", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/", "tags": ["x_transferred"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=455637", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.441Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25981", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:54:36.601394Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:40.659Z"}}], "cna": {"title": "Msa-24-0004: forum export did not respect activity group settings", "credits": [{"lang": "en", "value": "Red Hat would like to thank Leon Stringer for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"versions": [{"status": "affected", "version": "4.3.0", "lessThan": "4.3.3", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.6", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "4.1.9", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://git.moodle.org", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-02-13T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-19T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-02-19T00:00:00+00:00", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264097", "name": "RHBZ#2264097", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=455637"}], "descriptions": [{"lang": "en", "value": "Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Control"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:50:56.914Z"}, "x_redhatCweChain": "CWE-284: Improper Access Control"}}, "cveMetadata": {"cveId": "CVE-2024-25981", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:52:06.441Z", "dateReserved": "2024-02-13T18:10:15.371Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2024-02-19T16:32:28.338Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEC7A69A-C831-4087-B210-0C4DA13BA20B", "versionEndExcluding": "4.1.9", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCCA487E-E8A2-496D-8439-01D492B7E95C", "versionEndExcluding": "4.2.6", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "442D221B-7597-4FF2-A43E-ADFA21036DBE", "versionEndExcluding": "4.3.3", "versionStartIncluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers."}, {"lang": "es", "value": "Las restricciones del modo de grupos separados no se respetaban al realizar una exportaci\u00f3n de foro, que exportar\u00eda datos del foro para todos los grupos. De forma predeterminada, esto solo proporcionaba acceso adicional a los profesores que no eran editores."}], "id": "CVE-2024-25981", "lastModified": "2025-01-23T16:45:12.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-19T17:15:09.230", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504"}, {"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264097"}, {"source": "patrick@puiterwijk.org", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/"}, {"source": "patrick@puiterwijk.org", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=455637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264097"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=455637"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}