2024-11-20
:
Moodle is vulnerable to an Improper Authorization issue (CVE-2024-48901). An attacker could potentially access the schedule of reports without having permission to edit them.
Vulnerability Details:
Platform: Moodle
Version: Versions before 4.5.0-rc2 are affected (unclear which specific versions)
Vulnerability: Improper Authorization
Severity: Medium (CVSS v2 score: 6.4, CVSS v3 score: 4.3)
Date: November 18, 2024 (published), November 20, 2024 (last modified)
What Undercode Says:
This vulnerability allows unauthorized users to view report schedules in Moodle. It’s important to update to Moodle version 4.5.0-rc2 or later to address this issue.
Additional Notes:
The specific versions of Moodle affected are not entirely clear from the available information.
There are currently no public exploits available for this vulnerability.
It is recommended to update Moodle to the latest version as soon as possible to mitigate this risk.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help