Home

Description

A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.

PUBLISHED Reserved 2024-08-13 | Published 2024-11-11 | Updated 2024-11-12 | Assigner fedora




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Product status

Default status
unaffected

Any version before 4.1.12
affected

4.2 (semver) before 4.2.9
affected

4.3 (semver) before 4.3.6
affected

4.4 (semver) before 4.4.2
affected

Timeline

2024-08-12:Reported to Red Hat.
2024-08-19:Made public.

References

bugzilla.redhat.com/show_bug.cgi?id=2304261 (RHBZ#2304261) issue-tracking

moodle.org/mod/forum/discuss.php?d=461202

cve.org (CVE-2024-43433)

nvd.nist.gov (CVE-2024-43433)

Download JSON