CVE-2024-48899

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-48899

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48899.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-48899

Aliases

Downstream

UBUNTU-CVE-2024-48899

Published

2024-11-20T11:15:05.563Z

Modified

2026-03-12T11:16:59.038820Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2318819

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

ee91c6536f99e1633e2245780c4fe7f47340ed66

Fixed

d7e3bea9fa95ff686b370969cc1bcc3fca0919bf

Database specific

{
    "versions": [
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.4"
        }
    ]
}

Affected versions

v4.*

v4.4.0

v4.4.1

v4.4.2

v4.4.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48899.json"