CVE-2024-48900: Moodle IDOR when accessing list of badge recipients

November 13, 2024

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

References

bugzilla.redhat.com/show_bug.cgi?id=2318818
github.com/advisories/GHSA-g8r3-2v89-j6r5
github.com/moodle/moodle
moodle.org/mod/forum/discuss.php?d=462879
nvd.nist.gov/vuln/detail/CVE-2024-48900

Code Behaviors & Features

Detect and mitigate CVE-2024-48900 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →