CVE-2024-1439
Inadequate access control vulnerability in Moodle
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.
Control de acceso inadecuado en Moodle LMS. Esta vulnerabilidad podría permitir que un usuario local con rol de estudiante cree eventos arbitrarios destinados a usuarios con roles superiores. También podría permitir al atacante agregar eventos al calendario de todos los usuarios sin su consentimiento previo.
*Credits:
David Utón Amaya
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-02-12 CVE Reserved
- 2024-02-12 CVE Published
- 2024-02-13 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
- CAPEC-536: Data Injected During Configuration
References (1)
URL | Tag | Source |
---|---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-vulnerability-moodle |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|