The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
References
Link | Resource |
---|---|
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862 | Patch |
https://bugzilla.redhat.com/show_bug.cgi?id=2162549 | Issue Tracking Third Party Advisory |
https://moodle.org/mod/forum/discuss.php?d=443274#p1782023 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Feb 2023, 19:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
First Time |
Moodle moodle
Moodle |
|
References | (MISC) https://moodle.org/mod/forum/discuss.php?d=443274#p1782023 - Vendor Advisory | |
References | (MISC) http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862 - Patch | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2162549 - Issue Tracking, Third Party Advisory |
17 Feb 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-17 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-23923
Mitre link : CVE-2023-23923
CVE.ORG link : CVE-2023-23923
JSON object : View
Products Affected
moodle
- moodle
CWE