Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0854
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moodle | Moodle | Moodle versions 4.2.x antérieures à 4.2.3 | ||
| Moodle | Moodle | Moodle versions 4.0.x antérieures à 4.0.11 | ||
| Moodle | Moodle | Moodle versions antérieures à 3.9.24 | ||
| Moodle | Moodle | Moodle versions 3.11.x antérieures à 3.11.17 | ||
| Moodle | Moodle | Moodle versions 4.1.x antérieures à 4.1.6 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.3",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.11",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 3.9.24",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.17",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.6",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-5543",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5543"
},
{
"name": "CVE-2023-5541",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5541"
},
{
"name": "CVE-2023-5544",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5544"
},
{
"name": "CVE-2023-5539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5539"
},
{
"name": "CVE-2023-5540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5540"
},
{
"name": "CVE-2023-5542",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5542"
},
{
"name": "CVE-2023-5547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5547"
},
{
"name": "CVE-2023-5545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5545"
},
{
"name": "CVE-2023-5546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5546"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0854",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-17T00:00:00.000000"
},
{
"description": "La version 3.9.23 est vuln\u00e9rable, la version 3.9.24 ne l\u0027est pas.",
"revision_date": "2023-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0034 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451583"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0033 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451582"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0035 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451584"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0037 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451586"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0036 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451585"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0032 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451581"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0038 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451587"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0039 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451588"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0031 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451580"
}
]
}
CVE-2023-5544 (GCVE-0-2023-5544)
Vulnerability from cvelistv5 – Published: 2023-11-09 19:32 – Updated: 2024-08-02 07:59
VLAI?
EPSS
Summary
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79509"
},
{
"name": "RHBZ#2243443",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243443"
},
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=451585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "4.0.11",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "3.11.17",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:47:35.142Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79509"
},
{
"name": "RHBZ#2243443",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243443"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451585"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: stored xss and potential idor risk in wiki comments",
"x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-5544",
"datePublished": "2023-11-09T19:32:16.862Z",
"dateReserved": "2023-10-12T00:14:41.896Z",
"dateUpdated": "2024-08-02T07:59:44.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5540 (GCVE-0-2023-5540)
Vulnerability from cvelistv5 – Published: 2023-11-09 19:15 – Updated: 2024-08-02 07:59
VLAI?
EPSS
Summary
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
Severity ?
4.7 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T20:12:01.101624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:35.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79409"
},
{
"name": "RHBZ#2243432",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243432"
},
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=451581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "4.0.11",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "3.11.17",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:47:11.209Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79409"
},
{
"name": "RHBZ#2243432",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243432"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451581"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: authenticated remote code execution risk in imscp",
"x_redhatCweChain": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-5540",
"datePublished": "2023-11-09T19:15:53.821Z",
"dateReserved": "2023-10-11T23:39:10.773Z",
"dateUpdated": "2024-08-02T07:59:44.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5547 (GCVE-0-2023-5547)
Vulnerability from cvelistv5 – Published: 2023-11-09 19:35 – Updated: 2024-09-04 13:25
VLAI?
EPSS
Summary
The course upload preview contained an XSS risk for users uploading unsafe data.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79455"
},
{
"name": "RHBZ#2243447",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243447"
},
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=451588"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:25:11.137670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T13:25:23.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "4.0.11",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "3.11.17",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "The course upload preview contained an XSS risk for users uploading unsafe data."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:48:26.816Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79455"
},
{
"name": "RHBZ#2243447",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243447"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451588"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: xss risk when previewing data in course upload tool",
"x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-5547",
"datePublished": "2023-11-09T19:35:24.575Z",
"dateReserved": "2023-10-12T00:30:28.296Z",
"dateUpdated": "2024-09-04T13:25:23.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5539 (GCVE-0-2023-5539)
Vulnerability from cvelistv5 – Published: 2023-11-09 19:11 – Updated: 2024-09-03 18:29
VLAI?
EPSS
Summary
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
Severity ?
4.7 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79408"
},
{
"name": "RHBZ#2243352",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243352"
},
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=451580"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moodle",
"vendor": "moodle",
"versions": [
{
"lessThan": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "4.0.11",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "3.11.17",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T18:23:49.115260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:29:00.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "4.0.11",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "3.11.17",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T04:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:47:09.393Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79408"
},
{
"name": "RHBZ#2243352",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243352"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451580"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-16T04:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: authenticated remote code execution risk in lesson",
"x_redhatCweChain": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-5539",
"datePublished": "2023-11-09T19:11:06.859Z",
"dateReserved": "2023-10-11T23:11:25.576Z",
"dateUpdated": "2024-09-03T18:29:00.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5542 (GCVE-0-2023-5542)
Vulnerability from cvelistv5 – Published: 2023-11-09 19:27 – Updated: 2024-08-02 07:59
VLAI?
EPSS
Summary
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moodle:moodle:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moodle",
"vendor": "moodle",
"versions": [
{
"status": "affected",
"version": "4.2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:05:11.480942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:41.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79213"
},
{
"name": "RHBZ#2243441",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243441"
},
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=451583"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"status": "affected",
"version": "4.2.2"
}
]
}
],
"datePublic": "2023-10-16T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "Students in \"Only see own membership\" groups could see other students in the group, which should be hidden."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:47:21.258Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79213"
},
{
"name": "RHBZ#2243441",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243441"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451583"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: students can view other users in \"only see own membership\" groups",
"x_redhatCweChain": "CWE-284: Improper Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-5542",
"datePublished": "2023-11-09T19:27:38.733Z",
"dateReserved": "2023-10-12T00:01:12.085Z",
"dateUpdated": "2024-08-02T07:59:44.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5545 (GCVE-0-2023-5545)
Vulnerability from cvelistv5 – Published: 2023-11-09 19:33 – Updated: 2024-08-02 07:59
VLAI?
EPSS
Summary
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moodle:h5p:4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "h5p",
"vendor": "moodle",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:moodle:h5p:4.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "h5p",
"vendor": "moodle",
"versions": [
{
"status": "affected",
"version": "4.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:moodle:h5p:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "h5p",
"vendor": "moodle",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:moodle:h5p:3.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "h5p",
"vendor": "moodle",
"versions": [
{
"status": "affected",
"version": "3.11"
}
]
},
{
"cpes": [
"cpe:2.3:a:moodle:h5p:3.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "h5p",
"vendor": "moodle",
"versions": [
{
"status": "affected",
"version": "3.9"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T19:58:29.250008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:46.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-78820"
},
{
"name": "RHBZ#2243444",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243444"
},
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=451586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "4.0.11",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "3.11.17",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "H5P metadata automatically populated the author with the user\u0027s username, which could be sensitive information."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:47:42.679Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-78820"
},
{
"name": "RHBZ#2243444",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243444"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451586"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: auto-populated h5p author name causes a potential information leak",
"x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-5545",
"datePublished": "2023-11-09T19:33:18.127Z",
"dateReserved": "2023-10-12T00:18:04.007Z",
"dateUpdated": "2024-08-02T07:59:44.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5546 (GCVE-0-2023-5546)
Vulnerability from cvelistv5 – Published: 2023-11-09 19:34 – Updated: 2024-08-02 07:59
VLAI?
EPSS
Summary
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moodle:moodle:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moodle",
"vendor": "moodle",
"versions": [
{
"lessThan": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "custom"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
},
{
"lessThan": "4.0.11",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T19:14:29.937450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:29.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-78971"
},
{
"name": "RHBZ#2243445",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445"
},
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=451587"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "4.0.11",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:48:24.427Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-78971"
},
{
"name": "RHBZ#2243445",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451587"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: stored xss in quiz grading report via user id number",
"x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-5546",
"datePublished": "2023-11-09T19:34:21.895Z",
"dateReserved": "2023-10-12T00:26:38.202Z",
"dateUpdated": "2024-08-02T07:59:44.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5541 (GCVE-0-2023-5541)
Vulnerability from cvelistv5 – Published: 2023-11-09 19:18 – Updated: 2024-08-02 07:59
VLAI?
EPSS
Summary
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T20:18:35.680052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T20:18:45.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79426"
},
{
"name": "RHBZ#2243437",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243437"
},
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=451582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "4.0.11",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "3.11.17",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:47:12.382Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-79426"
},
{
"name": "RHBZ#2243437",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243437"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451582"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: xss risk when using csv grade import method",
"x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-5541",
"datePublished": "2023-11-09T19:18:22.119Z",
"dateReserved": "2023-10-11T23:48:36.508Z",
"dateUpdated": "2024-08-02T07:59:44.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5543 (GCVE-0-2023-5543)
Vulnerability from cvelistv5 – Published: 2023-11-09 21:35 – Updated: 2024-08-02 07:59
VLAI?
EPSS
Summary
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T21:03:37.918205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T21:03:45.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-77795"
},
{
"name": "RHBZ#2243442",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243442"
},
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=451584"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.2.3",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.6",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "4.0.11",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:47:25.315Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-77795"
},
{
"name": "RHBZ#2243442",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243442"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=451584"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: duplicating a bigbluebutton activity assigns the same meeting id",
"x_redhatCweChain": "CWE-284: Improper Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-5543",
"datePublished": "2023-11-09T21:35:38.116Z",
"dateReserved": "2023-10-12T00:08:16.985Z",
"dateUpdated": "2024-08-02T07:59:44.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…