CVE-2024-43435 MEDIUM

CVE-2024-43435: Moodle: can create global glossary without being admin

Published November 11, 2024
Last update November 12, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.

Key dates

02Disclosure timeline

November 11, 2024 CVE published
November 12, 2024 Record updated