CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-38273: moodle: BigBlueButton web service leaks meeting joining information to users who should not have access
Description
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
Classification
CVE ID: CVE-2024-38273
Affected Products
Vendor: Moodle
Product: Moodle
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 18.39% (scored less or equal to compared to others)
EPSS Date: 2025-03-14 (when was this score calculated)
References
https://moodle.org/mod/forum/discuss.php?d=459498https://lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
https://lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/