CVE-2024-48899: Moodle IDOR when accessing list of course badges

November 20, 2024

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

References

bugzilla.redhat.com/show_bug.cgi?id=2318819
github.com/advisories/GHSA-r4xr-m393-778m
github.com/moodle/moodle
github.com/moodle/moodle/commit/07ad4b8ebc715056056e01f2175820bfce6b290f
moodle.org/mod/forum/discuss.php?d=462878
nvd.nist.gov/vuln/detail/CVE-2024-48899

Code Behaviors & Features

Detect and mitigate CVE-2024-48899 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →