Insufficient Capability Checks in Moodle Leading to Unauthorized Badge Deletion
CVE-2024-43431

7.5HIGH

Key Information:

Vendor: Moodle
Status: Moodle
Vendor: CVE Published:; 7 November 2024

What is CVE-2024-43431?

A vulnerability has been identified in Moodle due to insufficient capability checks, which allows users to delete badges they do not have legitimate access to. This issue poses a risk of unauthorized modifications within user accounts, potentially leading to data corruption or loss of integrity in the administrative settings. Promptly addressing this vulnerability is essential for maintaining the security and reliability of the Moodle platform.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2304259

https://moodle.org/mod/forum/discuss.php?d=461199

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2024