8.2

CVE-2023-23923

Moodle: possible to set the preferred "start page" of other users

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MoodleMoodle Version >= 3.9.0 < 3.9.19
MoodleMoodle Version >= 3.11.0 < 3.11.12
MoodleMoodle Version >= 4.0.0 < 4.0.6
MoodleMoodle Version4.1.0 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.96% 0.568
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=2162549
Third Party Advisory
Issue Tracking
https://moodle.org/mod/forum/discuss.php?d=443274#p1782023
Vendor Advisory