CVE-2024-45689: Moodle allows users to retrieve information they did not have permission to access

November 20, 2024

A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access.

References

bugzilla.redhat.com/show_bug.cgi?id=2309941
github.com/advisories/GHSA-j822-x5gg-5r56
github.com/moodle/moodle
github.com/moodle/moodle/commit/bb466df202a4b4a692006298f93cbba20566949c
moodle.org/mod/forum/discuss.php?d=461894
nvd.nist.gov/vuln/detail/CVE-2024-45689

Code Behaviors & Features

Detect and mitigate CVE-2024-45689 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →