CVE-2024-25980

Msa-24-0003: h5p attempts report did not respect activity group settings

CVSS 4.3 MEDIUMEPSS 0.5%CWE-284

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

19 fev 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

moodle

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501 https://bugzilla.redhat.com/show_bug.cgi?id=2264096 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/https://moodle.org/mod/forum/discuss.php?d=455636