CVE-2024-1439

MEDIUM

Moodle < 4.2.11 - Improper Access Control

Title source: llm

Description

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-vulnerability-moodle

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 21.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (2)

moodle/moodle < 4.2.11

moodle/moodle 0Packagist

Published Feb 12, 2024

Tracked Since Feb 18, 2026