CVE-2026-30884

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-30884

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30884.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-30884

Aliases

GHSA-8pjr-j7r4-ccjx

Published

2026-03-18T02:26:30.420Z

Modified

2026-04-10T05:42:37.302648Z

Severity

9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N CVSS Calculator

Summary

mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key

Details

mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements belonging to any other course in the Moodle installation. The core_get_fragment callback editelement and the mod_customcert_save_element web service both fail to verify that the supplied elementid belongs to the authorized context, enabling cross-course information disclosure and data tampering. Versions 4.4.9 and 5.0.3 fix the issue.

Database specific

{
    "cwe_ids": [
        "CWE-639"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30884.json"
}

References

Affected packages

Git / github.com/mdjnelson/moodle-mod_customcert

Affected ranges

Type

GIT

Repo

https://github.com/mdjnelson/moodle-mod_customcert

Events

Introduced

Fixed

74b972034ecac6f1bd106b27d06c5e24b8a7f8c1

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.4.9"
        }
    ]
}

Type

GIT

Repo

https://github.com/mdjnelson/moodle-mod_customcert

Events

Introduced

8484023762a14c5602b5db9cef6401aba95077e4

Fixed

e0388cecce8810d1a6121da4ec4a475b49a760ee

Database specific

{
    "versions": [
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.3"
        }
    ]
}

Affected versions

v3.*

v3.10.0

v3.11.0

v3.11.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.1

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.6.0

v3.6.1

v3.6.2

v3.7.0

v3.7.1

v3.8.0

v3.8.1

v3.8.2

v3.8.3

v3.8.4

v3.8.5

v3.9.0

v4.*

v4.0

v4.0.1

v4.0.2

v4.0.3

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.2.5

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.4.7

v4.4.8

v5.*

v5.0.0

v5.0.1

v5.0.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30884.json"