Primary

Context

IcProgress Innovación y Cualificación Plugin Broken Access Control Vulnerability

Vulnerability

A broken access control vulnerability exists in the IcProgress Innovación y Cualificación plugin for Moodle. This vulnerability allows attackers to access sensitive information about other users, including public IP addresses and private messages. The issue arises from inadequate restrictions on user data access, enabling unauthorized information retrieval.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information, such as IP addresses and private messages.

Remediation

A new version has been released to address these vulnerabilities, and it has been implemented in all affected installations. The update process will be completed by December 2024.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IcProgress Innovación y Cualificación Plugin Broken Access Control Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating