Insufficient Input Validation in Moodle by Moodle.org
CVE-2023-23923

8.2HIGH

Key Information:

Vendor: Moodle
Status: moodle
Vendor: CVE Published:; 17 February 2023

What is CVE-2023-23923?

A vulnerability in Moodle exists due to inadequate restrictions on the 'start page' preference. This flaw enables a remote attacker to modify the preference for another user, potentially allowing unauthorized access to restricted features within the platform. Organizations using vulnerable versions of Moodle should assess their systems and apply necessary security patches to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

moodle Affects Moodle 4.1, 4.0 to 4.0.5, 3.11 to 3.11.11, 3.9 to 3.9.18, Fixed in 4.1.1, 4.0.6, 3.11.12 and 3.9.19

References

https://bugzilla.redhat.com/show_bug.cgi?id=2162549

https://moodle.org/mod/forum/discuss.php?d=443274#p1782023

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2023
Vulnerability Reserved
Jan 19, 2023

JSON

Moodle