
CVE-2024-48897: moodle: IDOR in edit/delete RSS feed

CVSS Score (v3.1): 6.5

Basic Information

EPSS Score: 0.28584%
Published: 11/18/2024
Updated: 11/20/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 4.1.14 | 4.1.14 |
| moodle/moodle | composer | >= 4.2.0, < 4.2.11 | 4.2.11 |
| moodle/moodle | composer | >= 4.3.0, < 4.3.8 | 4.3.8 |
| moodle/moodle | composer | >= 4.4.0, < 4.4.4 | 4.4.4 |

Vulnerability Intelligence (Miggo AI)

Root Cause Analysis

The vulnerability stems from missing authorization checks in RSS feed management operations. Moodle's RSS functionality typically involves block/rss_client components and core RSS libraries. Functions like block_rss_client_edit_action (handling edit/delete requests) and rss_delete_feed (core deletion logic) are prime candidates because:

  1. IDOR vulnerabilities often occur in CRUD operations that lack ownership or context checks.
  2. The CWE-285/863 alignment indicates missing capability checks (e.g., require_capability('block/rss_client:managefeeds')).
  3. Historical Moodle vulnerabilities in RSS modules have often involved these components.

Confidence is medium because no direct patch/diff was available, but the analysis matches the described vulnerability pattern.
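The missing check described above, shown as an added example that is not Moodle's code and not part of the Miggo analysis: a generic PHP "delete feed" handler in its IDOR-prone form next to a hardened form that loads the record and enforces ownership or a manage-all capability before acting. The rss_feed table, its columns, the user ids, and the can_manage_all_feeds() helper (a stand-in for Moodle's require_capability('block/rss_client:managefeeds') call mentioned above) are assumptions; the data is constructed in an in-memory SQLite database so the script runs on its own.

```php
<?php
// Added illustrative example, not Moodle's code. All table/column/user values are
// constructed sample data; can_manage_all_feeds() stands in for a real capability check.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE rss_feed (id INTEGER PRIMARY KEY, userid INTEGER NOT NULL, url TEXT NOT NULL)');
$db->exec("INSERT INTO rss_feed (id, userid, url) VALUES
    (1, 10, 'https://example.com/a.xml'),
    (2, 20, 'https://example.com/b.xml')");

// Stand-in for a site-wide "manage all feeds" capability (assumption: user 99 is an admin).
function can_manage_all_feeds(int $userid): bool {
    $admins = [99];  // constructed sample data
    return in_array($userid, $admins, true);
}

// IDOR-PRONE pattern: the feed id comes straight from the request and the row is
// deleted without establishing who owns it. Any authenticated user reaching this
// code path can remove another user's feed simply by supplying its id.
function delete_feed_unchecked(PDO $db, int $feedid): bool {
    $stmt = $db->prepare('DELETE FROM rss_feed WHERE id = :id');
    $stmt->execute([':id' => $feedid]);
    return $stmt->rowCount() === 1;
}

// HARDENED pattern: load the record first, then require either ownership or the
// manage-all capability before deleting. Throwing makes the denial easy to log and audit.
function delete_feed_checked(PDO $db, int $feedid, int $currentUserId): bool {
    $stmt = $db->prepare('SELECT id, userid FROM rss_feed WHERE id = :id');
    $stmt->execute([':id' => $feedid]);
    $feed = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($feed === false) {
        throw new RuntimeException("feed $feedid not found");
    }
    if ((int)$feed['userid'] !== $currentUserId && !can_manage_all_feeds($currentUserId)) {
        throw new RuntimeException("user $currentUserId may not delete feed $feedid");
    }
    $del = $db->prepare('DELETE FROM rss_feed WHERE id = :id');
    $del->execute([':id' => $feedid]);
    return $del->rowCount() === 1;
}

// Demonstration: user 10 (owner of feed 1) attempts to delete feed 2, owned by user 20.
try {
    delete_feed_checked($db, 2, 10);
} catch (RuntimeException $e) {
    echo "denied: {$e->getMessage()}\n";
}
var_dump(delete_feed_checked($db, 1, 10));  // owner deleting own feed: true
var_dump(delete_feed_checked($db, 2, 99));  // admin with manage-all capability: true
```

The same select-then-authorize shape applies to the edit path: an UPDATE keyed only on the request-supplied id has the same defect, and the fix is to bind the query to both the id and the authorized owner (or to verify the capability) before writing.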


WAF Protection Rules

WAF Rule

A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.
