2025-02-24
Moodle’s feedback response viewing and deletions did not respect Separate Groups mode. This vulnerability has been classified as moderate severity. The issue was identified in the GitHub Advisory Database and published 39 minutes ago on February 24, 2025. It was last updated 8 minutes ago on the same date.
The affected versions of Moodle include:
– Versions >= 4.5.0-beta and < 4.5.2
– Versions >= 4.4.0-beta and < 4.4.6
– Versions >= 4.3.0-beta and < 4.3.10
– Versions < 4.1.16
The patched versions are:
– 4.5.2
– 4.4.6
– 4.3.10
– 4.1.16
The vulnerability arises because Separate Groups mode restrictions were not properly factored into permission checks before allowing viewing or deletion of responses in Feedback activities. This issue was published by the National Vulnerability Database 2 hours ago on February 24, 2025, and reviewed 9 minutes ago on the same date.
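The following is an added illustration, not Moodle's code or its actual patch: a simplified Python model of the authorization decision described above, showing a check that ignores group mode beside one that enforces Separate Groups mode before a response may be viewed or deleted. All names, constants and the sample fixture are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

# Group-mode values modelled on Moodle's NOGROUPS / SEPARATEGROUPS (constructed constants)
NOGROUPS, SEPARATEGROUPS = 0, 1

@dataclass
class Response:
    user_id: int
    group_id: Optional[int]  # group of the respondent; None if they belong to no group

@dataclass
class Activity:
    group_mode: int
    responses: Dict[int, Response]   # response id -> response
    members: Dict[int, Set[int]]     # group id -> member user ids
    managers: Set[int]               # users allowed to view/delete responses in this activity
    access_all_groups: Set[int]      # users exempt from group restrictions (e.g. course managers)

def can_manage_vulnerable(act: Activity, user_id: int, response_id: int) -> bool:
    """Pre-fix shape of the check: activity-level permission only, group mode ignored."""
    return user_id in act.managers and response_id in act.responses

def can_manage_fixed(act: Activity, user_id: int, response_id: int) -> bool:
    """Hardened check: in Separate Groups mode the caller must share a group with the respondent."""
    if not can_manage_vulnerable(act, user_id, response_id):
        return False
    if act.group_mode != SEPARATEGROUPS or user_id in act.access_all_groups:
        return True
    resp = act.responses[response_id]
    # Respondents in no group are visible only to access-all-groups holders (conservative choice)
    return resp.group_id is not None and user_id in act.members.get(resp.group_id, set())

def delete_response(act: Activity, user_id: int, response_id: int,
                    check: Callable[[Activity, int, int], bool]) -> bool:
    """Deletion path: refuses unless the supplied permission check allows it."""
    if not check(act, user_id, response_id):
        return False
    del act.responses[response_id]
    return True

def sample_activity(group_mode: int = SEPARATEGROUPS) -> Activity:
    """Constructed fixture: two groups, one teacher per group (31, 32), one course-wide manager (1)."""
    return Activity(
        group_mode=group_mode,
        responses={10: Response(21, 1), 11: Response(22, 2), 12: Response(23, None)},
        members={1: {21, 31}, 2: {22, 32}},
        managers={1, 31, 32},
        access_all_groups={1},
    )

if __name__ == "__main__":
    act = sample_activity()
    # Teacher 31 (group 1) on group 2's response: allowed before the fix, refused after
    print(can_manage_vulnerable(act, 31, 11), can_manage_fixed(act, 31, 11))
```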
Form:
Platform: Moodle
Version: 4.5.0-beta
Vulnerability: Permission Bypass
Severity: Moderate
Date: 2025-02-24
What Undercode Say:
Moodle’s feedback response viewing and deletions did not respect Separate Groups mode, leading to a moderate-severity vulnerability. The issue affects multiple Moodle versions: 4.5.0-beta up to but not including 4.5.2, 4.4.0-beta up to but not including 4.4.6, 4.3.0-beta up to but not including 4.3.10, and all versions below 4.1.16. Patched versions have been released to address the vulnerability, which involves improper permission checks in Feedback activities. The vulnerability was published by the National Vulnerability Database and the GitHub Advisory Database on February 24, 2025, and was reviewed and updated multiple times on the same day, highlighting its significance. Users are advised to update to the patched versions to mitigate the risk. The vulnerability underscores the importance of proper permission checks in group-based activities within learning management systems, and serves as a reminder for developers to rigorously test group mode functionality to prevent similar issues in the future. The timely identification and patching of this vulnerability demonstrate the effectiveness of collaborative security efforts between platforms like GitHub and the National Vulnerability Database. Educational institutions and organizations using Moodle should prioritize updating their systems to ensure the security and privacy of user data. This vulnerability, while moderate in severity, could have significant implications for institutions relying on Separate Groups mode for managing feedback responses. The incident also highlights the need for continuous monitoring and updating of software to address emerging security threats. Overall, it serves as a case study in the importance of maintaining robust security practices in educational technology platforms.
References:
Reported By: https://github.com/advisories/GHSA-pxg4-xjp7-w9c5
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help