CVE-2024-48899
Moodle: IDOR when accessing list of course badges
CVSS 3.1 base score: 4.3 (MEDIUM)
EPSS: 0.19%
Description
A vulnerability was found in Moodle. The code path that returns the list of badges for a course did not sufficiently verify that the requesting user was allowed to access that course, so an authenticated user (the CVSS vector requires only low privileges, PR:L) could fetch the badge list of courses they were not intended to have access to. This is an insecure direct object reference (IDOR): the course identifier supplied by the caller was trusted after a general login check rather than being authorised per course. The impact is limited information disclosure (C:L) with no integrity or availability impact. Additional checks were added to ensure users can only fetch the list of course badges for courses that they are intended to have access to.
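The following is an added illustration of the access-check class the advisory describes; it is not Moodle's code. The data model, the function names and the `can_access_course` rule (site admins or enrolled users) are assumptions made for the example. The vulnerable form performs only a login check and then trusts the caller-supplied course id; the fixed form authorises the caller against the specific course before returning anything.

```python
"""Added example (not Moodle code): IDOR in a 'list course badges' handler
and its hardened form. Data, names and the access rule are assumptions."""
from dataclasses import dataclass, field


class AccessDenied(PermissionError):
    """Raised when the caller may not read the requested course."""


@dataclass
class Course:
    id: int
    badges: list[str]
    enrolled: set[int] = field(default_factory=set)  # user ids


@dataclass
class User:
    id: int
    is_site_admin: bool = False


# Constructed sample data for the example (not from the advisory).
COURSES = {
    101: Course(101, ["Python Basics"], enrolled={1}),
    102: Course(102, ["Internal Onboarding", "Security Training"], enrolled={2}),
}


def can_access_course(user: User, course: Course) -> bool:
    """Assumed authorisation rule: site admins or enrolled users only."""
    return user.is_site_admin or user.id in course.enrolled


def list_course_badges_vulnerable(user: User, course_id: int) -> list[str]:
    """IDOR pattern: only a login check, then the course id is trusted."""
    if user is None:
        raise AccessDenied("login required")
    course = COURSES.get(course_id)
    if course is None:
        raise KeyError(course_id)
    return list(course.badges)


def list_course_badges_fixed(user: User, course_id: int) -> list[str]:
    """Hardened form: authorise the caller against the *specific* course."""
    if user is None:
        raise AccessDenied("login required")
    course = COURSES.get(course_id)
    if course is None:
        raise KeyError(course_id)
    if not can_access_course(user, course):
        raise AccessDenied(f"user {user.id} may not access course {course_id}")
    return list(course.badges)


def denied(fn, user: User, course_id: int) -> bool:
    """True if fn refuses the request with AccessDenied (used for the checks)."""
    try:
        fn(user, course_id)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    alice = User(1)  # enrolled in 101 only
    # Vulnerable handler leaks course 102's badges to a non-enrolled user.
    print(list_course_badges_vulnerable(alice, 102))
    # Fixed handler refuses the same request.
    print(denied(list_course_badges_fixed, alice, 102))
```

The point of the hardened form is that the authorisation decision is tied to the object actually being read (the course identified by the caller-supplied id), and is enforced server-side in the handler; hiding the course id from the client is not a substitute.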
How to fix CVE-2024-48899
To remediate CVE-2024-48899, upgrade the affected package to a fixed version below.
- Bitnami/moodle—upgrade to 4.4.4 or later
- —upgrade to 4.4.3 or later
Is CVE-2024-48899 being exploited?
Low. EPSS is 0.19%, meaning exploitation activity has not been observed at scale. EPSS estimates the likelihood of exploitation in the wild, not the difficulty of exploiting the flaw: the CVSS vector requires only low privileges (PR:L) and no user interaction, so any authenticated account on an unpatched site can trigger it.
Affected packages (2)
- >= 4.4.0, < 4.4.4
- >= 4.4.0-beta, < 4.4.3
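An added helper, not part of this page or of Moodle, to check an installed release string against the two affected ranges listed above. The ranges are transcribed from the list; note that they disagree on the upper bound (4.4.4 for Bitnami/moodle, 4.4.3 for the second entry), so the checker reports a version as affected if it falls inside any listed range, which is the conservative reading. Pre-release tags such as `4.4.0-beta` sort before the final release of the same number, and Moodle's trailing `+` (weekly build) is treated as equal to the base release, which is an assumption of this example.

```python
"""Added example (not from the page or from Moodle): test a Moodle version
string against the affected ranges listed on this page."""
import re

# (lower bound inclusive, upper bound exclusive), transcribed from the
# 'Affected packages' list on this page.
AFFECTED_RANGES = [
    ("4.4.0", "4.4.4"),        # Bitnami/moodle
    ("4.4.0-beta", "4.4.3"),   # second listed package
]

_PRE_ORDER = {"dev": 0, "alpha": 1, "beta": 2, "rc": 3}
_FINAL = (99, 0)  # a final release sorts after any pre-release tag


def parse_version(v: str) -> tuple:
    """Turn '4.4.2', '4.4.0-beta', '4.4.0rc1' or '4.4.3+' into a comparable tuple.
    Assumption: a trailing '+' (Moodle weekly build) equals the base release."""
    v = v.strip().rstrip("+")
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[-.]?(dev|alpha|beta|rc)(\d*))?", v, re.I)
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # '4.4' -> 4.4.0
    if m.group(2):
        pre = (_PRE_ORDER[m.group(2).lower()], int(m.group(3) or 0))
    else:
        pre = _FINAL
    return (tuple(nums), pre)


def matching_ranges(installed: str, ranges=AFFECTED_RANGES) -> list:
    """Return every (lo, hi) range that contains the installed version."""
    v = parse_version(installed)
    return [(lo, hi) for lo, hi in ranges
            if parse_version(lo) <= v < parse_version(hi)]


def is_affected(installed: str, ranges=AFFECTED_RANGES) -> bool:
    """Conservative verdict: affected if inside any listed range."""
    return bool(matching_ranges(installed, ranges))


if __name__ == "__main__":
    for ver in ["4.4.0-beta", "4.4.2", "4.4.3", "4.4.3+", "4.4.4", "4.3.7"]:
        print(f"{ver:>10}: affected={is_affected(ver)} {matching_ranges(ver)}")
```

For a running site the version string to feed in is the release reported by the Moodle admin pages or by `version.php`; a `4.4.3` result matches only the Bitnami/moodle range, which is exactly the disagreement between the two fixed versions listed above.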
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM (4.3) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |