CVE-2024-48900
Moodle: idor when accessing list of badge recipients
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
13 Nov 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
moodleWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →