CVE-2024-48900

CVE-2024-48900: Moodle: idor when accessing list of badge recipients

Weakness CWE-200 · Info exposure

Published November 13, 2024

Last update November 21, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

Key dates

02Disclosure timeline

November 13, 2024 CVE published

November 21, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-48900 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack CVE-2023-33956 Parameter based Indirect Object Referencing leading to private file exposure in Kanboard CVE-2024-8516 Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Information Exposure CVE-2023-46183 IBM PowerVM Hypervisor information disclosure CVE-2025-60949 Census CSWeb leaked configuration files