5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-25983

GHSA ID

GHSA-9r26-5w88-qhp9

EPSS Score

0.3346%

CWE

CWE-639

Published

2/19/2024

Updated

1/23/2025

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-25983

CVE-2024-25983: Authorization Bypass in moodle

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-25983

CVE-2024-25983:

5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-25983

GHSA ID

GHSA-9r26-5w88-qhp9

EPSS Score

0.3346%

CWE

CWE-639

Published

2/19/2024

Updated

1/23/2025

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
moodle/moodle	composer	>= 4.3.0, < 4.3.3	4.3.3
moodle/moodle	composer	>= 4.2.0, < 4.2.6	4.2.6
moodle/moodle	composer

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability was patched by modifying block_comments_comment_permissions in blocks/comments/lib.php. The pre-patch version lacked context-aware permission checks, enabling authorization bypass. The commit adds critical validation of user context and block instance existence, directly addressing CWE-639 by ensuring permissions depend on contextual authorization rather than blanket access.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-25983: Authorization Bypass in moodle

CVE-2024-25983:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2024-25983: Authorization Bypass in moodle

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

5.3

5.3

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI