Bug 2332781 (CVE-2024-55646) - CVE-2024-55646 moodle: Database activity issue in separate groups mode, for users not in a group
Keywords:
Status: NEW
Alias: CVE-2024-55646
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2332813 2332814
Blocks:
Reported: 2024-12-17 11:59 UTC by OSIDB Bzimport
Modified: 2024-12-17 12:59 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2024-12-17 11:59:17 UTC
In a database activity with separate groups mode enabled, users who were not in a group (and did not have permission to access all groups) could see entries from members of all groups in the activity, rather than just entries of users also not in any groups. Note: Users within groups worked as intended, only able to see entries belonging to other members of their group(s).

Versions affected: 4.5, 4.4 to 4.4.4, 4.3 to 4.3.8, 4.1 to 4.1.14 and earlier unsupported versions
Versions fixed: 4.5.1, 4.4.5, 4.3.9 and 4.1.15

