Insufficient Input Validation in Moodle by Moodle.org
CVE-2023-23923

8.2HIGH

Key Information:

Vendor: Moodle
Status: moodle
Vendor: CVE Published:; 17 February 2023

What is CVE-2023-23923?

A vulnerability in Moodle exists due to inadequate restrictions on the 'start page' preference. This flaw enables a remote attacker to modify the preference for another user, potentially allowing unauthorized access to restricted features within the platform. Organizations using vulnerable versions of Moodle should assess their systems and apply necessary security patches to mitigate risks associated with this vulnerability.

Affected Version(s)

moodle Affects Moodle 4.1, 4.0 to 4.0.5, 3.11 to 3.11.11, 3.9 to 3.9.18, Fixed in 4.1.1, 4.0.6, 3.11.12 and 3.9.19

References

https://bugzilla.redhat.com/show_bug.cgi?id=2162549

https://moodle.org/mod/forum/discuss.php?d=443274#p1782023

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2023
Vulnerability Reserved
Jan 19, 2023

JSON