CVE-2024-45689 - Vulnerability Details - OpenCVE

A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Moodle	Moodle

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=2309941

History

Mon, 02 Jun 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Moodle Moodle moodle
Weaknesses		CWE-862
CPEs		cpe:2.3:a:moodle:moodle::::::::
Vendors & Products		Moodle Moodle moodle

Wed, 20 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 20 Nov 2024 10:30:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access.
Title		Moodle: unprotected access to sensitive information via dynamic tables
References		https://bugzilla.redhat.com/show_bug.cgi?id=2309941

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2024-11-20T10:22:48.635Z

Updated: 2024-11-20T19:18:18.428Z

Reserved: 2024-09-04T22:00:30.976Z

Link: CVE-2024-45689

Vulnrichment

Updated: 2024-11-20T19:18:13.720Z

NVD

Status : Analyzed

Published: 2024-11-20T11:15:05.337

Modified: 2025-06-02T15:33:57.730

Link: CVE-2024-45689

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45689", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-09-04T22:00:30.976Z", "datePublished": "2024-11-20T10:22:48.635Z", "dateUpdated": "2024-11-20T19:18:18.428Z"}, "containers": {"cna": {"title": "Moodle: unprotected access to sensitive information via dynamic tables", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "4.1.13", "versionType": "semver"}, {"status": "affected", "version": "4.2", "lessThan": "4.2.10", "versionType": "semver"}, {"status": "affected", "version": "4.3", "lessThan": "4.3.7", "versionType": "semver"}, {"status": "affected", "version": "4.4", "lessThan": "4.4.3", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://github.com/moodle/moodle", "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309941", "name": "RHBZ#2309941", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-09-09T00:00:00+00:00", "timeline": [{"lang": "en", "time": "2024-09-04T22:04:16.030000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-09T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-11-20T10:22:48.635Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-20T19:17:47.273423Z", "id": "CVE-2024-45689", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T19:18:18.428Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-45689", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-20T19:17:47.273423Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T19:18:13.720Z"}}], "cna": {"title": "Moodle: unprotected access to sensitive information via dynamic tables", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "4.1.13", "versionType": "semver"}, {"status": "affected", "version": "4.2", "lessThan": "4.2.10", "versionType": "semver"}, {"status": "affected", "version": "4.3", "lessThan": "4.3.7", "versionType": "semver"}, {"status": "affected", "version": "4.4", "lessThan": "4.4.3", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://github.com/moodle/moodle", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-09-04T22:04:16.030000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-09T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-09-09T00:00:00+00:00", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309941", "name": "RHBZ#2309941", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-11-20T10:22:48.635Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45689", "state": "PUBLISHED", "dateUpdated": "2024-11-20T19:18:18.428Z", "dateReserved": "2024-09-04T22:00:30.976Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2024-11-20T10:22:48.635Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFA99B07-9756-4DF8-A807-72D175B485F8", "versionEndExcluding": "4.1.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BA66423-C6E4-4083-A957-D8DAC924FA7D", "versionEndExcluding": "4.2.10", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "22C8E2F5-D5D6-4309-91AB-C5AF23255D2C", "versionEndExcluding": "4.3.7", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CD03E57-232E-442C-B1E0-9C0974006F78", "versionEndExcluding": "4.4.3", "versionStartIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Moodle. Las tablas din\u00e1micas no aplicaban comprobaciones de capacidad, lo que provocaba que los usuarios pudieran recuperar informaci\u00f3n a la que no ten\u00edan permiso de acceso."}], "id": "CVE-2024-45689", "lastModified": "2025-06-02T15:33:57.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-20T11:15:05.337", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309941"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}