CVE-2023-5545

Published: Nov 9, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

H5P metadata automatically populated the author with the user's username, which could be sensitive information.

Affected (7)

Products: Moodle: Moodle · Fedoraproject: Extra Packages For Enterprise Linux, Fedora

1 product

2 products

Extra Packages For Enterprise Linux

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Before 3.9.24
Moodle Moodle	From 3.11.0 to 3.11.17
Moodle Moodle	From 4.0.0 to 4.0.11
Moodle Moodle	From 4.1.0 to 4.1.6
Moodle Moodle	From 4.2.0 to 4.2.3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Extra Packages For Enterprise Linux	Version 7.0
Fedoraproject Fedora	Version 38

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (6)

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820

Source: patrick@puiterwijk.org

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2243444

Source: patrick@puiterwijk.org

Issue TrackingPatch

https://moodle.org/mod/forum/discuss.php?d=451586

Source: patrick@puiterwijk.org

PatchVendor Advisory

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2243444

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://moodle.org/mod/forum/discuss.php?d=451586

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.