Bug 2318819 (CVE-2024-48899) - CVE-2024-48899 moodle: IDOR when accessing list of course badges Key Information: Bug ID: 2318819 CVE ID: CVE-2024-48899 Product: Moodle Component: vulnerability Version: unspecified Severity: medium Status: NEW Reported: 2024-10-15 17:32 UTC by OSIDB Bzimport Modified: 2024-10-16 15:51 UTC Assignee: Product Security DevOps Team Doc Type: 1 Doc Text: A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses they are intended to have access to. Additional Details: Environment: Not specified Last Closed: Not applicable Embargoed: Not applicable Attachments: Description: Additional checks were required to ensure users can only fetch the list of course badges for courses they are intended to have access to. Note: You need to log in before you can comment on or make changes to this bug.