CVE-2023-5551

CWE-200 — Information Exposure5 documents4 sources

Severity

3.3LOW

EPSS

0.1%

top 77.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moodle Moodle Fedoraproject Extra Packages FOR Enterprise Linux Fedoraproject Fedora

Timeline

PublishedNov 9

Description

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶NVDmoodle/moodle3.11.0 — 3.11.17+4

▶Packagistmoodle/moodle4.3.0-beta — 4.3.0-rc2+5

▶NVDfedoraproject/extra_packages7.0

Also affects: Fedora 38

Patches

Patch: git.moodle.org ↗Patch: bugzilla.redhat.com ↗Patch: moodle.org ↗

🔴Vulnerability Details

OSV

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability↗2023-11-09

▶

OSV

CVE-2023-5551: Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups↗2023-11-09

▶

CVEList

Moodle: forum summary report shows students from other groups when in separate groups mode↗2023-11-09

▶

GHSA

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability↗2023-11-09

▶