CVE-2024-38273
moodle: BigBlueButton web service leaks meeting joining information to users who should not have access
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Produtos afetados
Moodle · MoodleQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/https://moodle.org/mod/forum/discuss.php?d=459498