vulnerability

Moodle: Improper Access Control (CVE-2024-48899)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Nov 20, 2024	Jun 4, 2025	May 7, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Nov 20, 2024

Added

Jun 4, 2025

Modified

May 7, 2026

Description

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

Solution

moodle-upgrade-latest

References

CVE-2024-48899
https://attackerkb.com/topics/CVE-2024-48899
https://bugzilla.redhat.com/show_bug.cgi?id=2318819
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-3379
CWE-284
CWE-639
EUVD-EUVD-2024-3379

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report