Moodle, IDOR Vulnerability CVE-2025-XXXX (Low Severity)

2025-02-24

Moodle, a widely used learning management system, has been found to have an Insecure Direct Object Reference (IDOR) vulnerability in its badges functionality. This vulnerability allows unauthorized users to disable arbitrary badges that they do not have permission to access. The issue arises due to insufficient capability checks within the system.
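The defect class described above, shown as an added illustration that is neither Moodle's own code nor the patched change: a page handler that disables a badge by id after checking only that the caller is logged in, beside a hardened form that resolves the badge's own context and requires a badge-management capability in that context before writing. The Moodle APIs used (`required_param`, `require_capability`, `$DB`, the `badge` table and the `BADGE_*` constants) are real; the handler file, the `local_example_*` function names and the choice of `moodle/badges:configuredetails` as the gating capability are assumptions.

```php
<?php
// Added illustration of an IDOR pattern in a badge "disable" handler.
// Assumes a standard Moodle checkout; the handler itself is hypothetical.
require_once(__DIR__ . '/../config.php');
require_once($CFG->libdir . '/badgeslib.php');

$badgeid = required_param('id', PARAM_INT);

// Resolve the context a badge belongs to: course badges live in their
// course context, site badges in the system context.
function local_example_badge_context(stdClass $badge): context {
    if ((int)$badge->type === BADGE_TYPE_COURSE) {
        return context_course::instance($badge->courseid);
    }
    return context_system::instance();
}

// VULNERABLE: only checks that the caller is logged in. Nothing ties the
// caller's permissions to *this* badge, so any authenticated user who
// supplies another badge's id can flip it to inactive.
function local_example_disable_badge_vulnerable(int $badgeid): void {
    global $DB;
    require_login();
    $DB->set_field('badge', 'status', BADGE_STATUS_INACTIVE, ['id' => $badgeid]);
}

// HARDENED: load the record first, derive its context from the record
// (not from a client-supplied parameter), and require a management
// capability in that context before touching it. require_sesskey()
// additionally rejects forged cross-site requests.
function local_example_disable_badge_hardened(int $badgeid): void {
    global $DB;
    require_login();
    require_sesskey();
    $badge = $DB->get_record('badge', ['id' => $badgeid], '*', MUST_EXIST);
    $context = local_example_badge_context($badge);
    require_capability('moodle/badges:configuredetails', $context);
    $DB->set_field('badge', 'status', BADGE_STATUS_INACTIVE, ['id' => $badge->id]);
}

local_example_disable_badge_hardened($badgeid);
```

When reviewing handlers like this, the check to look for is that the context passed to `require_capability()` is derived from the object being modified, not from the request.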

The vulnerability affects multiple versions of Moodle:

– Versions >= 4.5.0-beta and < 4.5.2

– Versions >= 4.4.0-beta and < 4.4.6

– Versions >= 4.3.0-beta and < 4.3.10

– Versions < 4.1.16

Patched versions have been released to address this issue:

– Version 4.5.2

– Version 4.4.6

– Version 4.3.10

– Version 4.1.16

The vulnerability was published by the National Vulnerability Database and the GitHub Advisory Database on February 24, 2025. It was reviewed and updated on the same day. The severity of this vulnerability is classified as low.

Form:

Platform: Moodle

Version: 4.5.0-beta

Vulnerability: IDOR

Severity: Low

Date: 2025-02-24

What Undercode Says:

Moodle, a popular learning management system, has disclosed a low-severity IDOR vulnerability in its badges functionality. Because of insufficient capability checks, unauthorized users can disable badges they should not have access to. The vulnerability affects several Moodle versions, including beta and stable releases. Patched versions have been released, and users are advised to update to them.

The vulnerability was published by the National Vulnerability Database and the GitHub Advisory Database on February 24, 2025, and was reviewed and updated on the same day. Despite its low severity, it highlights the need for robust capability checks, tied to the specific object being acted on, to prevent unauthorized access to and manipulation of data.

Moodle administrators running affected versions should prioritize updating to the patched releases. The Moodle development team's prompt release of patches reflects its commitment to the security of the platform, and the incident is a reminder for all software users to apply security updates promptly.

References:

Reported By: https://github.com/advisories/GHSA-g88w-v4cq-qgcp