{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-48900","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2024-10-09T12:15:07.577Z","datePublished":"2024-11-13T14:27:07.416Z","dateUpdated":"2024-11-21T18:06:59.546Z"},"containers":{"cna":{"title":"Moodle: idor when accessing list of badge recipients","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to."}],"affected":[{"versions":[{"status":"affected","version":"4.4.0","lessThan":"4.4.4","versionType":"semver"}],"packageName":"moodle","collectionURL":"https://moodle.org/","defaultStatus":"unaffected"}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2318818","name":"RHBZ#2318818","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2024-10-15T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"Exposure of Sensitive Information to an Unauthorized Actor","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","timeline":[{"lang":"en","time":"2024-10-15T17:23:10.053Z","value":"Reported to Red Hat."},{"lang":"en","time":"2024-10-15T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2024-11-13T14:27:07.416Z"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-11-21T18:06:37.905810Z","id":"CVE-2024-48900","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-21T18:06:59.546Z"}}]},"dataVersion":"5.1"}