Forum summary report shows students from other groups when in separate groups mode
CVE-2023-5551

3.3LOW

Key Information:

Vendor

Fedora

Status
moodle
Fedora
Extra Packages for Enterprise Linux 7
Vendor
CVE Published:
9 November 2023

What is CVE-2023-5551?

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

Affected Version(s)

moodle 4.2.3

moodle 4.1.6

moodle 4.0.11

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...
https://bugzilla.redhat.com/show_bug.cgi?id=2243453
issue-trackingx_refsource_REDHAT
https://moodle.org/mod/forum/discuss.php?d=451592

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.