Cache poisoning risk with endpoint revision numbers
CVE-2023-5548

5.3MEDIUM

Key Information:

Vendor

Fedora

Status
moodle
Extra Packages for Enterprise Linux 7
Fedora
Vendor
CVE Published:
9 November 2023

What is CVE-2023-5548?

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

Affected Version(s)

moodle 4.2.3

moodle 4.1.6

moodle 4.0.11

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...
https://bugzilla.redhat.com/show_bug.cgi?id=2243449
issue-trackingx_refsource_REDHAT
https://moodle.org/mod/forum/discuss.php?d=451589

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.