Severity: 4.3 MEDIUM
EPSS: 0.3% (top 49.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 9

Description

Students in "Only see own membership" groups could see other students in the group, which should be hidden.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (3 packages)

Packagist: moodle/moodle < 4.3.0-rc2
NVD: moodle/moodle 4.2.2

Also affects: Fedora 38

Patches

Vulnerability Details (4)

CVEList: Moodle: students can view other users in "only see own membership" groups (2023-11-09)
GHSA: Moodle Improper Access Control vulnerability (2023-11-09)
OSV: CVE-2023-5542: Students in "Only see own membership" groups could see other students in the group, which should be hidden (2023-11-09)
OSV: Moodle Improper Access Control vulnerability (2023-11-09)