Main Vulnerability Database Vulnerabilities #VU101809

#VU101809 Improper privilege management in Moodle - CVE-2024-55646

Published: December 17, 2024

Vulnerability identifier: #VU101809

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-55646

CWE-ID: CWE-269

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Moodle

Software vendor:
moodle.org

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to improper privilege management. In a database activity with separate groups mode enabled, users who were not in a group (and did not have permission to access all groups) could see entries from members of all groups in the activity, rather than just entries of users also not in any groups.

Remediation

Install updates from vendor's website.

External links

https://moodle.org/mod/forum/discuss.php?d=464557

#VU101809 Improper privilege management in Moodle - CVE-2024-55646

Description

Remediation

External links

Please verify you're human