CVE-2023-23923

Published: Feb 17, 2023Modified: Nov 21, 2024

8.2

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Exploitability: 3.9 / Impact: 4.2

Source: NVD

Description

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

Affected (4)

Products: Moodle: Moodle

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	From 3.11.0 to 3.11.12
Moodle Moodle	From 3.9.0 to 3.9.19
Moodle Moodle	From 4.0.0 to 4.0.6
Moodle Moodle	Version 4.1.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862

Source: patrick@puiterwijk.org

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2162549

Source: patrick@puiterwijk.org

Issue TrackingThird Party Advisory

https://moodle.org/mod/forum/discuss.php?d=443274#p1782023

Source: patrick@puiterwijk.org

Vendor Advisory

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2162549

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://moodle.org/mod/forum/discuss.php?d=443274#p1782023

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.