Vulnerabilities > CVE-2024-25981
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | Moodle
| 27 |
| OS | 1 |
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504
- https://bugzilla.redhat.com/show_bug.cgi?id=2264097
- https://bugzilla.redhat.com/show_bug.cgi?id=2264097
- https://lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/
- https://moodle.org/mod/forum/discuss.php?d=455637
- https://moodle.org/mod/forum/discuss.php?d=455637