CVE-2024-45689
Moodle: unprotected access to sensitive information via dynamic tables
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.13%
Description
A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access.
How to fix CVE-2024-45689
To remediate CVE-2024-45689, upgrade the affected package to one of the fixed versions listed below.
- Bitnami/moodle—upgrade to 4.1.13 or later
- —upgrade to 4.1.13 or later
Is CVE-2024-45689 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.1.13; >= 4.2.0, < 4.2.10; >= 4.3.0, < 4.3.7; >= 4.4.0, < 4.4.3
- from 0, < 4.1.13
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |