CVE-2024-38273: Moodle BigBlueButton web service leaks meeting joining information
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
References
- github.com/advisories/GHSA-x29x-qwvx-fxr2
- github.com/moodle/moodle
- github.com/moodle/moodle/commit/500cec575731fd8575569dcb5811535751dddae1
- github.com/moodle/moodle/commit/647b9dc06409211018c9f28581504d096ce9e3a8
- github.com/moodle/moodle/commit/6c0645ca29b195b5caaffc27d80f2ff715c33a48
- github.com/moodle/moodle/commit/a10506b8d70609478fef156d489e0c7d727b6098
- moodle.org/mod/forum/discuss.php?d=459498
- nvd.nist.gov/vuln/detail/CVE-2024-38273