CVE-2023-5539

CWE-94 Code Injection
6 documents, 5 sources
Severity
8.8 HIGH
EPSS
2.0%
top 16.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 9
Latest update: May 17

Description

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.2 | Impact: 3.4

Affected Packages (3 packages)

NVD moodle/moodle 3.11.0 3.11.17 +4
Packagist moodle/moodle < 4.3.0-rc2

Also affects: Fedora 38

Patches

Vulnerability Details (4)

OSV: Moodle Code Injection vulnerability (2023-11-09)
OSV: CVE-2023-5539: A remote code execution risk was identified in the Lesson activity (2023-11-09)
CVEList: Moodle: authenticated remote code execution risk in lesson (2023-11-09)
GHSA: Moodle Code Injection vulnerability (2023-11-09)

Vendor Advisories (1)

Red Hat: kernel: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (2024-05-17)