Vulnerability Description
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 4.1.0, < 4.1.11 |
| Fedoraproject | Fedora | 39 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://moodle.org/mod/forum/discuss.php?d=459498Vendor Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
- https://moodle.org/mod/forum/discuss.php?d=459498Vendor Advisory
FAQ
What is CVE-2024-38273?
CVE-2024-38273 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
How severe is CVE-2024-38273?
CVE-2024-38273 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-38273?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle, Fedoraproject Fedora.