CVE-2024-25980
Msa-24-0003: h5p attempts report did not respect activity group settings
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
19 feb 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
moodle¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501https://bugzilla.redhat.com/show_bug.cgi?id=2264096https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/https://moodle.org/mod/forum/discuss.php?d=455636