CVE-2024-48898

Summary

A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.

Affected Software

VendorProductVersion RangeStatus
4.4.0 < 4.4.4affected
4.3.0 < 4.3.8affected
4.2.0 < 4.2.11affected
4.1.0 < 4.1.14affected
0 < 4.1.0affected

Weaknesses

  • CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References