CVE-2024-38273

CWE-284 — Improper Access Control5 documents4 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 57.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moodle Moodle Fedoraproject Fedora

Timeline

PublishedJun 18

Description

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

▶NVDmoodle/moodle4.1.0 — 4.1.11+3

▶Packagistmoodle/moodle4.4.0-beta — 4.4.1+3

▶CVEListV5moodle/moodle4.3 — 4.3.4+3

Also affects: Fedora 39, 40

🔴Vulnerability Details

CVEList

moodle: BigBlueButton web service leaks meeting joining information to users who should not have access↗2024-06-18

▶

OSV

CVE-2024-38273: Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access↗2024-06-18

▶

OSV

Moodle BigBlueButton web service leaks meeting joining information↗2024-06-18

▶

GHSA

Moodle BigBlueButton web service leaks meeting joining information↗2024-06-18

▶