CVE-2023-28330 Moodle: authenticated arbitrary file read through malformed backup file

🗓️ 23 Mar 2023 00:00:00Reported by fedoraType

CVE-2023-28330 Moodle backup file read ris

Reporter	Title	Published	Views	Family All 58
ATTACKERKB	CVE-2023-28330	23 Mar 202321:15	–	attackerkb
Circl	CVE-2023-28330	23 Mar 202323:36	–	circl
CNNVD	Moodle 安全漏洞	21 Mar 202300:00	–	cnnvd
CVE	CVE-2023-28330	23 Mar 202300:00	–	cve
Fedora	[SECURITY] Fedora 36 Update: moodle-3.11.13-1.fc36	30 Mar 202301:16	–	fedora
Tenable Nessus	Fedora 36 : moodle (2023-d9c13996b2)	30 Mar 202300:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2023-28330	2 Sep 202500:00	–	nessus
Tenable Nessus	Moodle 4.1.x < 4.1.2 Multiple Vulnerabilities	10 Apr 202500:00	–	nessus
Tenable Nessus	Moodle 4.0.x < 4.0.7 Multiple Vulnerabilities	10 Apr 202500:00	–	nessus
Tenable Nessus	Moodle 3.11.x < 3.11.13 Multiple Vulnerabilities	10 Apr 202500:00	–	nessus

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "4.1.0",
        "lessThan": "4.1.2",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.0.0",
        "lessThan": "4.0.7",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "3.11.0",
        "lessThan": "3.11.13",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.9.20",
        "versionType": "semver"
      }
    ],
    "packageName": "moodle",
    "collectionURL": "https://git.moodle.org",
    "defaultStatus": "unaffected"
  }
]

Source	Link
moodle	www.moodle.org/mod/forum/discuss.php
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

19 Apr 2024 13:39Current

6.8Medium risk

Vulners AI Score6.8

EPSS0.01182

CWE-20

moodle file read backup authentication risk teachers managers admins