Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qcjgzLTh4NjUteGNyNc4AA3Bu
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
Permalink: https://github.com/advisories/GHSA-jr83-8x65-xcr5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcjgzLTh4NjUteGNyNc4AA3Bu
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 19 days ago
Updated: 11 days ago
CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-jr83-8x65-xcr5, CVE-2023-5551
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-5551
- https://bugzilla.redhat.com/show_bug.cgi?id=2243453
- https://moodle.org/mod/forum/discuss.php?d=451592
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310
- https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0
- https://github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a
- https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85
- https://github.com/advisories/GHSA-jr83-8x65-xcr5
Affected Packages
packagist:moodle/moodle
Versions: < 3.9.24, >= 3.10.0, < 3.11.17, >= 4.0.0, < 4.0.11, >= 4.1.0, < 4.1.6, >= 4.2.0, < 4.2.3, >= 4.3.0-beta, < 4.3.0-rc2Fixed in: 3.9.24, 3.11.17, 4.0.11, 4.1.6, 4.2.3, 4.3.0-rc2