Vulnerability Details CVE-2024-38273
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.9%
CVSS Severity
CVSS v3 Score 5.4
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
- https://moodle.org/mod/forum/discuss.php?d=459498
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
- https://moodle.org/mod/forum/discuss.php?d=459498
Products affected by CVE-2024-38273
-
cpe:2.3:a:moodle:moodle:4.1.0
-
cpe:2.3:a:moodle:moodle:4.1.1
-
cpe:2.3:a:moodle:moodle:4.1.10
-
cpe:2.3:a:moodle:moodle:4.1.3
-
cpe:2.3:a:moodle:moodle:4.1.4
-
cpe:2.3:a:moodle:moodle:4.1.5
-
cpe:2.3:a:moodle:moodle:4.1.6
-
cpe:2.3:a:moodle:moodle:4.1.8
-
cpe:2.3:a:moodle:moodle:4.1.9
-
cpe:2.3:a:moodle:moodle:4.2.0
-
cpe:2.3:a:moodle:moodle:4.2.1
-
cpe:2.3:a:moodle:moodle:4.2.2
-
cpe:2.3:a:moodle:moodle:4.2.3
-
cpe:2.3:a:moodle:moodle:4.2.4
-
cpe:2.3:a:moodle:moodle:4.2.5
-
cpe:2.3:a:moodle:moodle:4.2.6
-
cpe:2.3:a:moodle:moodle:4.2.7
-
cpe:2.3:a:moodle:moodle:4.3.0
-
cpe:2.3:a:moodle:moodle:4.3.1
-
cpe:2.3:a:moodle:moodle:4.3.2
-
cpe:2.3:a:moodle:moodle:4.3.3
-
cpe:2.3:a:moodle:moodle:4.3.4
-
cpe:2.3:a:moodle:moodle:4.4.0
-
cpe:2.3:o:fedoraproject:fedora:39
-
cpe:2.3:o:fedoraproject:fedora:40