CVE-2024-48897: 
PHP vulnerability analysis and mitigation

A vulnerability was discovered in Moodle that requires additional security checks to ensure users can only edit or delete RSS feeds that they have permission to modify. The vulnerability was assigned CVE-2024-48897 and was first reported on November 18, 2024. This vulnerability affects multiple versions of Moodle including versions up to 4.1.14, 4.2.0 to 4.2.11, 4.3.0 to 4.3.8, and 4.4.0 to 4.4.4 (NVD).

The vulnerability has been classified as an Incorrect Authorization issue (CWE-863) and Improper Authorization (CWE-285). The National Vulnerability Database has assigned it a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. Additionally, CISA-ADP assessed it with a higher CVSS score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability allows users to edit or delete RSS feeds without proper authorization checks, potentially leading to unauthorized modification of RSS feed content. The CVSS scores indicate that while confidentiality is not impacted, there is a potential for integrity impacts ranging from low to high depending on the assessment (NVD).