Home > Vulnerability Database > CVE-2024-25980

Mend.io Vulnerability Database

CVE-2024-25980

Good to know:

Date: February 19, 2024

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.

Language: PHP

Severity Score

4.3

Related Resources (6)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-25980

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2264096

Url: https://moodle.org/mod/forum/discuss.php?d=455636

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501

Url: https://www.mend.io/vulnerability-database/CVE-2024-25980

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version v4.1.9,v4.2.6,v4.3.3

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-25980

Good to know:

Date: February 19, 2024

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?