MSA-25-0058: Participants can access forum ratings without permission

Kurzinfo

Veroeffentlicht: 2025-12-15 12:22 UTC Importiert: 2026-05-14 18:44 UTC Quelle-ID: moodle uid_hash: 1210d192fbee36c659b9df92ec72a27b3fa0bfef156277ceeea3600b3192db7b
Moodle Security Announcements

Inhalt

by Michael Hawkins. Forum ratings required additional permission checks to prevent users from being able to view ratings they did not have the capability to access. Severity/Risk: Minor Versions affected: 5.1, 5.0 to 5.0.3, 4.5 to 4.5.7, 4.4 to 4.4.11, 4.1 to 4.1.21 and earlier unsupported versions Versions fixed: 5.1.1, 5.0.4, 4.5.8, 4.4.12 and 4.1.22 Reported by: Stefan Hanauska CVE identifier: CVE-2025-67854 Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-86960 Tracker issue: MDL-86960 Participants can access forum ratings without permission

Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2025-67854

 - - - -

Quellen-Details

Bezeichnung Name Kategorie Tags Zielgruppe Sprache Feed-URL
Moodle Security Announcements

moodle

 vendor_advisory cms - de https://moodle.org/rss/file.php/154821/7ef1adaa0762dfdd7cd390868b6d9f2b/mod_forum/996/rss.xml
Zurueck zur Eintrags-Liste