CVE-2023-5551 – moodle/moodle

Package

Manager: composer
Name: moodle/moodle
Vulnerable Version: >=4.3.0-beta <4.3.0-rc2 || >=4.2.0 <4.2.3 || >=4.1.0 <4.1.6 || >=4.0.0 <4.0.11 || >=3.10.0 <3.11.17 || >=0 <3.9.24

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00081 pctl0.24568

Details

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

Metadata

Created: 2023-11-09T21:30:39Z
Modified: 2023-11-17T22:30:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-jr83-8x65-xcr5/GHSA-jr83-8x65-xcr5.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-jr83-8x65-xcr5
Finding: F038
Auto approve: 1