Home > Vulnerability Database > CVE-2024-25980

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2024-25980

Date: February 19, 2024

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.

Language: PHP

Severity Score

4.3

Related Resources (9)

Url: https://github.com/moodle/moodle/commit/662192fcecdefdaae79f55db96bd64dbcdeef85b

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-25980

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2264096

Url: https://github.com/moodle/moodle

Url: https://moodle.org/mod/forum/discuss.php?d=455636

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB

Url: https://www.mend.io/vulnerability-database/CVE-2024-25980

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Do you need more information?

Contact Us