Auto-populated h5p author name causes a potential information leak
CVE-2023-5545

5.3MEDIUM

Key Information:

Vendor

Fedora

Status
moodle
Fedora
Extra Packages for Enterprise Linux 7
Vendor
CVE Published:
9 November 2023

What is CVE-2023-5545?

H5P metadata automatically populated the author with the user's username, which could be sensitive information.

Affected Version(s)

moodle 4.2.3

moodle 4.1.6

moodle 4.0.11

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...
https://bugzilla.redhat.com/show_bug.cgi?id=2243444
issue-trackingx_refsource_REDHAT
https://moodle.org/mod/forum/discuss.php?d=451586

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.