{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25983", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-02-13T18:10:15.371Z", "datePublished": "2024-02-19T16:32:58.729Z", "dateUpdated": "2024-08-01T23:52:06.541Z"}, "containers": {"cna": {"title": "Msa-24-0006: idor on dashboard comments block", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page)."}], "affected": [{"versions": [{"status": "affected", "version": "4.3.0", "lessThan": "4.3.3", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.6", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "4.1.9", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://git.moodle.org", "defaultStatus": "unaffected"}], "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264099", "name": "RHBZ#2264099", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=455641"}], "datePublic": "2024-02-19T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key", "timeline": [{"lang": "en", "time": "2024-02-13T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-19T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank BA7MAN for reporting this issue."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:51:01.502Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25983", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-20T18:32:00.576712Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:47.462Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.541Z"}, "title": "CVE Program Container", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264099", "name": "RHBZ#2264099", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/", "tags": ["x_transferred"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=455641", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264099", "name": "RHBZ#2264099", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/", "tags": ["x_transferred"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=455641", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.541Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25983", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-20T18:32:00.576712Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:39.979Z"}}], "cna": {"title": "Msa-24-0006: idor on dashboard comments block", "credits": [{"lang": "en", "value": "Red Hat would like to thank BA7MAN for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "4.3.0", "lessThan": "4.3.3", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.6", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "4.1.9", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://git.moodle.org", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-02-13T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-19T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-02-19T00:00:00+00:00", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264099", "name": "RHBZ#2264099", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=455641"}], "descriptions": [{"lang": "en", "value": "Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:51:01.502Z"}, "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"}}, "cveMetadata": {"cveId": "CVE-2024-25983", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:52:06.541Z", "dateReserved": "2024-02-13T18:10:15.371Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2024-02-19T16:32:58.729Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEC7A69A-C831-4087-B210-0C4DA13BA20B", "versionEndExcluding": "4.1.9", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCCA487E-E8A2-496D-8439-01D492B7E95C", "versionEndExcluding": "4.2.6", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "442D221B-7597-4FF2-A43E-ADFA21036DBE", "versionEndExcluding": "4.3.3", "versionStartIncluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page)."}, {"lang": "es", "value": "Las comprobaciones insuficientes en un servicio web hicieron posible agregar comentarios al bloque de comentarios en el panel de otro usuario cuando de otro modo no estaba disponible (por ejemplo, en su p\u00e1gina de perfil)."}], "id": "CVE-2024-25983", "lastModified": "2025-01-23T17:37:14.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-19T17:15:09.697", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300"}, {"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264099"}, {"source": "patrick@puiterwijk.org", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/"}, {"source": "patrick@puiterwijk.org", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=455641"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264099"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=455641"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}