CVE-2024-45690 - Vulnerability Details - OpenCVE

A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Moodle	Moodle

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=2309939
https://moodle.org/security/

History

Mon, 02 Jun 2025 16:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:moodle:moodle::::::::

Wed, 27 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Moodle Moodle moodle
Weaknesses		CWE-276
CPEs		cpe:2.3:a:moodle:moodle:-:::::::*
Vendors & Products		Moodle Moodle moodle
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 20 Nov 2024 10:30:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts.
Title		Moodle: idor when deleting oauth2 linked accounts
References		https://bugzilla.redhat.com/show_bug.cgi?id=2309939 https://moodle.org/security/

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2024-11-20T10:23:38.420Z

Updated: 2024-11-27T14:15:55.442Z

Reserved: 2024-09-04T22:00:30.976Z

Link: CVE-2024-45690

Vulnrichment

Updated: 2024-11-27T14:15:16.951Z

NVD

Status : Analyzed

Published: 2024-11-20T11:15:05.413

Modified: 2025-06-02T15:34:48.510

Link: CVE-2024-45690

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45690", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-09-04T22:00:30.976Z", "datePublished": "2024-11-20T10:23:38.420Z", "dateUpdated": "2024-11-27T14:15:55.442Z"}, "containers": {"cna": {"title": "Moodle: idor when deleting oauth2 linked accounts", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "4.1.13", "versionType": "semver"}, {"status": "affected", "version": "4.2", "lessThan": "4.2.10", "versionType": "semver"}, {"status": "affected", "version": "4.3", "lessThan": "4.3.7", "versionType": "semver"}, {"status": "affected", "version": "4.4", "lessThan": "4.4.3", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://github.com/moodle/moodle", "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309939", "name": "RHBZ#2309939", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://moodle.org/security/"}], "datePublic": "2024-09-09T00:00:00+00:00", "timeline": [{"lang": "en", "time": "2024-09-04T22:08:34.101000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-09T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-11-20T10:23:38.420Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "affected": [{"vendor": "moodle", "product": "moodle", "cpes": ["cpe:2.3:a:moodle:moodle:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.1.13", "versionType": "semver"}, {"version": "0", "status": "affected", "lessThan": "4.2.10", "versionType": "semver"}, {"version": "0", "status": "affected", "lessThan": "4.3.7", "versionType": "semver"}, {"version": "0", "status": "affected", "lessThan": "4.4.3", "versionType": "semver"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-27T14:15:47.908173Z", "id": "CVE-2024-45690", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T14:15:55.442Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-45690", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-27T14:15:47.908173Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:moodle:moodle:-:*:*:*:*:*:*:*"], "vendor": "moodle", "product": "moodle", "versions": [{"status": "affected", "version": "0", "lessThan": "4.1.13", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "4.2.10", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "4.3.7", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "4.4.3", "versionType": "semver"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T14:15:16.951Z"}}], "cna": {"title": "Moodle: idor when deleting oauth2 linked accounts", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "4.1.13", "versionType": "semver"}, {"status": "affected", "version": "4.2", "lessThan": "4.2.10", "versionType": "semver"}, {"status": "affected", "version": "4.3", "lessThan": "4.3.7", "versionType": "semver"}, {"status": "affected", "version": "4.4", "lessThan": "4.4.3", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://github.com/moodle/moodle", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-09-04T22:08:34.101000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-09T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-09-09T00:00:00+00:00", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309939", "name": "RHBZ#2309939", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://moodle.org/security/"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-11-20T10:23:38.420Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45690", "state": "PUBLISHED", "dateUpdated": "2024-11-27T14:15:55.442Z", "dateReserved": "2024-09-04T22:00:30.976Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2024-11-20T10:23:38.420Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFA99B07-9756-4DF8-A807-72D175B485F8", "versionEndExcluding": "4.1.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BA66423-C6E4-4083-A957-D8DAC924FA7D", "versionEndExcluding": "4.2.10", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "22C8E2F5-D5D6-4309-91AB-C5AF23255D2C", "versionEndExcluding": "4.3.7", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CD03E57-232E-442C-B1E0-9C0974006F78", "versionEndExcluding": "4.4.3", "versionStartIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Moodle. Se requirieron verificaciones adicionales para garantizar que los usuarios solo puedan eliminar sus cuentas vinculadas a OAuth2."}], "id": "CVE-2024-45690", "lastModified": "2025-06-02T15:34:48.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-20T11:15:05.413", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309939"}, {"source": "patrick@puiterwijk.org", "tags": ["Vendor Advisory"], "url": "https://moodle.org/security/"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}