CVE-2024-48898
Moodle: some users can delete audiences of other reports
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.23%
Description
A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.
How to fix CVE-2024-48898
To remediate CVE-2024-48898, upgrade the affected package to a fixed version below.
- Bitnami/moodle—upgrade to 4.1.19 or later
- —upgrade to 4.1.14 or later
Is CVE-2024-48898 being exploited?
Low. EPSS is 0.2% (the estimated probability of exploitation activity in the next 30 days), and exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.1.19, >= 4.2.0, < 4.4.9
- from 0, < 4.1.14
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |