Vulnerabilities > CVE-2024-25983 - Authorization Bypass Through User-Controlled Key vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | Moodle
| 27 |
| OS | 1 |
Common Weakness Enumeration (CWE)
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300
- https://bugzilla.redhat.com/show_bug.cgi?id=2264099
- https://bugzilla.redhat.com/show_bug.cgi?id=2264099
- https://lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/
- https://moodle.org/mod/forum/discuss.php?d=455641
- https://moodle.org/mod/forum/discuss.php?d=455641