OpenCVE

A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Moodle	Moodle

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=2318821

History

Wed, 20 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Moodle Moodle moodle
Weaknesses		CWE-863
CPEs		cpe:2.3:a:moodle:moodle::::::::
Vendors & Products		Moodle Moodle moodle

Tue, 19 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 18 Nov 2024 11:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.
Title		Moodle: idor in edit/delete rss feed
Weaknesses		CWE-285
References		https://bugzilla.redhat.com/show_bug.cgi?id=2318821

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-11-18T11:14:03.856Z

Updated: 2024-11-19T14:52:32.175Z

Reserved: 2024-10-09T12:15:07.577Z

Link: CVE-2024-48897

Vulnrichment

Updated: 2024-11-19T14:52:26.558Z

NVD

Status : Analyzed

Published: 2024-11-18T12:15:18.243

Modified: 2024-11-20T14:48:25.373

Link: CVE-2024-48897

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-48897", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-10-09T12:15:07.577Z", "datePublished": "2024-11-18T11:14:03.856Z", "dateUpdated": "2024-11-19T14:52:32.175Z"}, "containers": {"cna": {"title": "Moodle: idor in edit/delete rss feed", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify."}], "affected": [{"versions": [{"status": "affected", "version": "4.4.0", "lessThan": "4.4.4", "versionType": "semver"}, {"status": "affected", "version": "4.3.0", "lessThan": "4.3.8", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.11", "versionType": "semver"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.14", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "4.1.0", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://moodle.org/", "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318821", "name": "RHBZ#2318821", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-10-15T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "Improper Authorization", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-285: Improper Authorization", "timeline": [{"lang": "en", "time": "2024-10-15T17:23:15.394000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-10-15T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-18T11:14:03.856Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-19T14:51:39.562696Z", "id": "CVE-2024-48897", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-19T14:52:32.175Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-48897", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-19T14:51:39.562696Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-19T14:52:26.558Z"}}], "cna": {"title": "Moodle: idor in edit/delete rss feed", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}], "affected": [{"versions": [{"status": "affected", "version": "4.4.0", "lessThan": "4.4.4", "versionType": "semver"}, {"status": "affected", "version": "4.3.0", "lessThan": "4.3.8", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.11", "versionType": "semver"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.14", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "4.1.0", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://moodle.org/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-10-15T17:23:15.394000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-10-15T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-10-15T00:00:00+00:00", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318821", "name": "RHBZ#2318821", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "Improper Authorization"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-18T11:14:03.856Z"}, "x_redhatCweChain": "CWE-285: Improper Authorization"}}, "cveMetadata": {"cveId": "CVE-2024-48897", "state": "PUBLISHED", "dateUpdated": "2024-11-19T14:52:32.175Z", "dateReserved": "2024-10-09T12:15:07.577Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-11-18T11:14:03.856Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2D74BD7-3907-49E1-B2FC-A45108CB5AF0", "versionEndIncluding": "4.1.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCE4F475-9272-4891-B690-3AB9720CD2D8", "versionEndIncluding": "4.2.11", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6A31566-F7AD-4FD4-82A6-CCE0D52123B8", "versionEndIncluding": "4.3.8", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "E073E9C6-D72C-4C82-92AF-6C02B81EB28B", "versionEndIncluding": "4.4.4", "versionStartIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Moodle. Se requieren verificaciones adicionales para garantizar que los usuarios solo puedan editar o eliminar los feeds RSS que tengan permiso para modificar."}], "id": "CVE-2024-48897", "lastModified": "2024-11-20T14:48:25.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-18T12:15:18.243", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318821"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "secalert@redhat.com", "type": "Secondary"}]}