Search for vulnerabilities
Vulnerability details: VCID-r4ev-h43h-17g1
Vulnerability ID VCID-r4ev-h43h-17g1
Aliases CVE-2024-45690
GHSA-fhg2-r2h9-h7q8
Summary Moodle IDOR when deleting OAuth2 linked accounts A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-276 Incorrect Default Permissions
CWE-639 Authorization Bypass Through User-Controlled Key
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2024-45690
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2024-45690
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=2309939
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2309939
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2309939
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fhg2-r2h9-h7q8
cvssv3.1 7.5 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 7.5 https://github.com/moodle/moodle/commit/809629e5afcd5be087e65668fe6cf67f2f4f5145
generic_textual MODERATE https://github.com/moodle/moodle/commit/809629e5afcd5be087e65668fe6cf67f2f4f5145
cvssv3.1 7.5 https://moodle.org/mod/forum/discuss.php?d=461895#p1854492
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=461895#p1854492
cvssv3.1 7.5 https://moodle.org/security
generic_textual MODERATE https://moodle.org/security
cvssv3.1 7.5 https://moodle.org/security/
ssvc Track https://moodle.org/security/
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-45690
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-45690
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-45690
https://bugzilla.redhat.com/show_bug.cgi?id=2309939
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/809629e5afcd5be087e65668fe6cf67f2f4f5145
https://moodle.org/mod/forum/discuss.php?d=461895#p1854492
https://moodle.org/security
https://nvd.nist.gov/vuln/detail/CVE-2024-45690
GHSA-fhg2-r2h9-h7q8 https://github.com/advisories/GHSA-fhg2-r2h9-h7q8
security https://moodle.org/security/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2309939
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:15:47Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2309939
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/moodle/moodle/commit/809629e5afcd5be087e65668fe6cf67f2f4f5145
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://moodle.org/mod/forum/discuss.php?d=461895#p1854492
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://moodle.org/security
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://moodle.org/security/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:15:47Z/ Found at https://moodle.org/security/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-45690
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.24829
EPSS Score 0.00081
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:10:41.786172+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-fhg2-r2h9-h7q8/GHSA-fhg2-r2h9-h7q8.json 36.1.3