{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43431", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-08-13T07:15:00.598Z", "datePublished": "2024-11-07T13:27:07.968Z", "dateUpdated": "2024-11-07T15:55:57.730Z"}, "containers": {"cna": {"title": "Moodle: idor in badges allows deletion of arbitrary badges", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "4.1.12", "versionType": "semver"}, {"status": "affected", "version": "4.2", "lessThan": "4.2.9", "versionType": "semver"}, {"status": "affected", "version": "4.3", "lessThan": "4.3.6", "versionType": "semver"}, {"status": "affected", "version": "4.4", "lessThan": "4.4.2", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://github.com/moodle/moodle", "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304259", "name": "RHBZ#2304259", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=461199"}], "datePublic": "2024-08-19T04:00:00+00:00", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-08-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-08-19T04:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-11-07T13:27:07.968Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "affected": [{"vendor": "moodle", "product": "moodle", "cpes": ["cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.1.12", "versionType": "semver"}, {"version": "4.2", "status": "affected", "lessThan": "4.2.9", "versionType": "semver"}, {"version": "4.3", "status": "affected", "lessThan": "4.3.6",
"versionType": "semver"}, {"version": "4.4", "status": "affected", "lessThan": "4.4.2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-07T14:40:53.002108Z", "id": "CVE-2024-43431", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T15:55:57.730Z"}}]}}