{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30884", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-06T00:04:56.700Z", "datePublished": "2026-03-18T02:26:30.420Z", "dateUpdated": "2026-03-18T19:17:40.756Z"}, "containers": {"cna": {"title": "mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/mdjnelson/moodle-mod_customcert/security/advisories/GHSA-8pjr-j7r4-ccjx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mdjnelson/moodle-mod_customcert/security/advisories/GHSA-8pjr-j7r4-ccjx"}, {"name": "https://github.com/mdjnelson/moodle-mod_customcert/commit/a1494a80fb953f187f7888a7394cbf9d13c28468", "tags": ["x_refsource_MISC"], "url": "https://github.com/mdjnelson/moodle-mod_customcert/commit/a1494a80fb953f187f7888a7394cbf9d13c28468"}, {"name": "https://github.com/mdjnelson/moodle-mod_customcert/commit/ddc8f01f1e19fb61202f6013a38ef757486d3ba0", "tags": ["x_refsource_MISC"], "url": "https://github.com/mdjnelson/moodle-mod_customcert/commit/ddc8f01f1e19fb61202f6013a38ef757486d3ba0"}], "affected": [{"vendor": "mdjnelson", "product": "moodle-mod_customcert", "versions": [{"version": "< 4.4.9", "status": "affected"}, {"version": ">= 5.0.0, < 5.0.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-18T02:26:30.420Z"}, "descriptions": [{"lang": "en", "value": "mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course can read and silently overwrite certificate elements belonging to any other course in the Moodle installation. The `core_get_fragment` callback `editelement` and the `mod_customcert_save_element` web service both fail to verify that the supplied `elementid` belongs to the authorized context, enabling cross-course information disclosure and data tampering. Versions 4.4.9 and 5.0.3 fix the issue."}], "source": {"advisory": "GHSA-8pjr-j7r4-ccjx", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T19:13:43.965152Z", "id": "CVE-2026-30884", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T19:17:40.756Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30884", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-18T19:13:43.965152Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T19:17:37.085Z"}}], "cna": {"title": "mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key", "source": {"advisory": "GHSA-8pjr-j7r4-ccjx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "mdjnelson", "product": "moodle-mod_customcert", "versions": [{"status": "affected", "version": "< 4.4.9"}, {"status": "affected", "version": ">= 5.0.0, < 5.0.3"}]}], "references": [{"url": "https://github.com/mdjnelson/moodle-mod_customcert/security/advisories/GHSA-8pjr-j7r4-ccjx", "name": "https://github.com/mdjnelson/moodle-mod_customcert/security/advisories/GHSA-8pjr-j7r4-ccjx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/mdjnelson/moodle-mod_customcert/commit/a1494a80fb953f187f7888a7394cbf9d13c28468", "name": "https://github.com/mdjnelson/moodle-mod_customcert/commit/a1494a80fb953f187f7888a7394cbf9d13c28468", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/mdjnelson/moodle-mod_customcert/commit/ddc8f01f1e19fb61202f6013a38ef757486d3ba0", "name": "https://github.com/mdjnelson/moodle-mod_customcert/commit/ddc8f01f1e19fb61202f6013a38ef757486d3ba0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course can read and silently overwrite certificate elements belonging to any other course in the Moodle installation. The `core_get_fragment` callback `editelement` and the `mod_customcert_save_element` web service both fail to verify that the supplied `elementid` belongs to the authorized context, enabling cross-course information disclosure and data tampering. Versions 4.4.9 and 5.0.3 fix the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-18T02:26:30.420Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30884", "state": "PUBLISHED", "dateUpdated": "2026-03-18T19:17:40.756Z", "dateReserved": "2026-03-06T00:04:56.700Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-18T02:26:30.420Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course can read and silently overwrite certificate elements belonging to any other course in the Moodle installation. The `core_get_fragment` callback `editelement` and the `mod_customcert_save_element` web service both fail to verify that the supplied `elementid` belongs to the authorized context, enabling cross-course information disclosure and data tampering. Versions 4.4.9 and 5.0.3 fix the issue."}, {"lang": "es", "value": "mdjnelson/moodle-mod_customcert es un plugin de Moodle para crear certificados generados din\u00e1micamente con personalizaci\u00f3n completa a trav\u00e9s del navegador web. Antes de las versiones 4.4.9 y 5.0.3, un profesor que posee 'mod/customcert:manage' en cualquier curso individual puede leer y sobrescribir silenciosamente elementos de certificado pertenecientes a cualquier otro curso en la instalaci\u00f3n de Moodle. La devoluci\u00f3n de llamada 'core_get_fragment' 'editelement' y el servicio web 'mod_customcert_save_element' ambos no verifican que el 'elementid' proporcionado pertenezca al contexto autorizado, lo que permite la revelaci\u00f3n de informaci\u00f3n entre cursos y la manipulaci\u00f3n de datos. Las versiones 4.4.9 y 5.0.3 solucionan el problema."}], "id": "CVE-2026-30884", "lastModified": "2026-04-16T14:46:24.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-18T04:17:18.030", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/mdjnelson/moodle-mod_customcert/commit/a1494a80fb953f187f7888a7394cbf9d13c28468"}, {"source": "security-advisories@github.com", "url": "https://github.com/mdjnelson/moodle-mod_customcert/commit/ddc8f01f1e19fb61202f6013a38ef757486d3ba0"}, {"source": "security-advisories@github.com", "url": "https://github.com/mdjnelson/moodle-mod_customcert/security/advisories/GHSA-8pjr-j7r4-ccjx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.4.9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.0,5.0.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "moodle-mod_customcert", "source": "cna", "vendor": "mdjnelson"}, "product": "moodle-mod_customcert", "vendor": "mdjnelson"}], "analysis": {"en": {"generated_at": "2026-03-18T04:50:32.067910+00:00", "value": {"mitigation_remediation": ["Upgrade the mdjnelson/moodle-mod_customcert plugin to version 4.4.9 or 5.0.3, which includes the fix for this authorization bypass"], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected systems are Moodle installations that use the mdjnelson/moodle-mod_customcert plugin with versions earlier than 4.4.9 for the 4.x line and earlier than 5.0.3 for the 5.x line. All courses managed by users holding the mod/customcert:manage capability are potential targets.", "description_and_impact": "The vulnerability occurs when the plugin fails to verify that the supplied element identifier belongs to the authorized course context during certificate element edits, allowing a teacher with the mod/customcert:manage capability in any single course to view and silently overwrite certificate elements belonging to other courses. This results in unauthorized disclosure and data tampering, classically classified as improper authorization (CWE-639).", "risk_and_exploitability": "The CVSS score is 9.6, indicating a critical severity. EPSS data is not available, and the vulnerability is not included in the CISA KEV catalog. Exploitation requires only teacher-level access with the mod/customcert:manage capability; no additional conditions or privileges are needed. An attacker can trigger the flaw by sending requests to the core_get_fragment callback editelement or to the mod_customcert_save_element web service, benefiting from the missing ownership check on elementid."}}}}, "created": "2026-03-18T10:42:01.113228+00:00", "updated": "2026-03-24T10:59:30.577758+00:00", "vendors": ["mdjnelson", "mdjnelson$PRODUCT$moodle-mod_customcert"]}