FKIE_CVE-2026-34370

Vulnerability from fkie_nvd - Published: 2026-04-14 22:16 - Updated: 2026-04-22 18:46
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating the notebook_id parameter in the editnote action. The application fetches the note content using only the supplied integer ID without verifying that the requesting user owns the note, and the full title and HTML body are rendered in the edit form and returned to the attacker's browser. While ownership checks exist in the write paths (updateNote() and delete_note()), they are entirely absent from the read path (get_note_information()). This issue has been fixed in version 2.0.0-RC.3.
References
security-advisories@github.comhttps://github.com/chamilo/chamilo-lms/releases/tag/v2.0.0-RC.3Product, Release Notes
security-advisories@github.comhttps://github.com/chamilo/chamilo-lms/security/advisories/GHSA-fm35-2hvw-564qVendor Advisory
Impacted products
Vendor Product Version
chamilo chamilo_lms *
chamilo chamilo_lms 2.0.0
chamilo chamilo_lms 2.0.0
chamilo chamilo_lms 2.0.0
chamilo chamilo_lms 2.0.0
chamilo chamilo_lms 2.0.0
chamilo chamilo_lms 2.0.0
chamilo chamilo_lms 2.0.0
chamilo chamilo_lms 2.0.0
chamilo chamilo_lms 2.0.0
chamilo chamilo_lms 2.0.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34085140-9203-4B20-9036-743718F1A4F8",
              "versionEndIncluding": "1.11.38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "4AF7661F-C1F7-4CAB-BBDF-FC5BF7F5BEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "FE56AF71-9D53-42C6-980D-09E1C418ED87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "01195674-9E1A-4C07-B7D3-0F0CC2E6511B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "BAE63449-5A56-4302-A4BF-F3D19FC96A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "A84A06F9-5AB7-4703-8153-33AC68882B95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B91302A3-53DE-4ED0-BAAB-FE9DA03F8242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "46008D4A-96F7-4E04-8256-E115AAAE3383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "6E2BCAFF-D44B-4E67-998A-DF855E27606B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D2E7D018-E4C2-45F5-8D9A-DAC947173607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chamilo:chamilo_lms:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DAF96697-6B6D-459D-9510-E5CEEDC2859B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating the notebook_id parameter in the editnote action. The application fetches the note content using only the supplied integer ID without verifying that the requesting user owns the note, and the full title and HTML body are rendered in the edit form and returned to the attacker\u0027s browser. While ownership checks exist in the write paths (updateNote() and delete_note()), they are entirely absent from the read path (get_note_information()). This issue has been fixed in version 2.0.0-RC.3."
    }
  ],
  "id": "CVE-2026-34370",
  "lastModified": "2026-04-22T18:46:34.627",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-14T22:16:31.340",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://github.com/chamilo/chamilo-lms/releases/tag/v2.0.0-RC.3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-fm35-2hvw-564q"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        },
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.