Vulnerability Description
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
CVSS Score
4.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 4.1.0, < 4.1.9 |
| Fedoraproject | Fedora | 38 |
Related Weaknesses (CWE)
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=2264096Issue Tracking
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://moodle.org/mod/forum/discuss.php?d=455636Vendor Advisory
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=2264096Issue Tracking
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://moodle.org/mod/forum/discuss.php?d=455636Vendor Advisory
FAQ
What is CVE-2024-25980?
CVE-2024-25980 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
How severe is CVE-2024-25980?
CVE-2024-25980 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-25980?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle, Fedoraproject Fedora.