VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-k26f-nrwv-pub7

Vulnerability ID	VCID-k26f-nrwv-pub7
Aliases	CVE-2024-48900 GHSA-g8r3-2v89-j6r5
Summary	Moodle IDOR when accessing list of badge recipients A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83178
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-48900
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2024-48900
cvssv3.1	4.3	https://bugzilla.redhat.com/show_bug.cgi?id=2318818
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=2318818
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2318818
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-g8r3-2v89-j6r5
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=462879
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-48900

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83178
		https://api.first.org/data/v1/epss?cve=CVE-2024-48900
		https://bugzilla.redhat.com/show_bug.cgi?id=2318818
		https://github.com/moodle/moodle
		https://moodle.org/mod/forum/discuss.php?d=462879
		https://nvd.nist.gov/vuln/detail/CVE-2024-48900
cpe:2.3:a:moodle:moodle::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle::::::::
GHSA-g8r3-2v89-j6r5		https://github.com/advisories/GHSA-g8r3-2v89-j6r5

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2318818

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T18:06:37Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2318818

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:10:39.873117+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-g8r3-2v89-j6r5/GHSA-g8r3-2v89-j6r5.json	36.1.3