Inadequate Access Control in Moodle LMS Could Allow Arbitrary Event Creation
CVE-2024-1439

3.3LOW

Key Information:

Vendor: Moodle
Status: LMS
Vendor: CVE Published:; 12 February 2024

What is CVE-2024-1439?

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LMS 0 <= 4.2

References

https://www.incibe.es/en/incibe-cert/notices/aviso/inadeq...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2024
Vulnerability Reserved
Feb 12, 2024

Credit

David Utón Amaya

JSON

Moodle

What is CVE-2024-1439?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.