CVE-2024-25983

LOW 3.5

Msa-24-0006: idor on dashboard comments block

CVSS Score

3.5

EPSS Score

0.0%

EPSS Percentile

0th

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).

CWE	CWE-639
Published	Feb 19, 2024
Last Updated	Aug 1, 2024

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new low vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.moodle.org: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2264099 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/ moodle.org: https://moodle.org/mod/forum/discuss.php?d=455641

Credits

Red Hat would like to thank BA7MAN for reporting this issue.