Lucene search

GoogleOSV:BIT-MOODLE-2023-23923

HistoryMar 06, 2024 - 11:01 a.m.

BIT-moodle-2023-23923

2024-03-0611:01:04

Google

osv.dev

moodle

vulnerability

start page

remote attacker

unauthorized access

software

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.3%

JSON

The vulnerability was found Moodle which exists due to insufficient limitations on the “start page” preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

CPENameOperatorVersion
moodlege4.1.0
moodlege3.9.0
moodlege3.11.0
moodlelt4.0.6
moodlele4.1.0
moodlelt3.9.19
moodlege4.0.0
moodlelt3.11.12

Name	Operator	Version
moodle	ge	4.1.0
moodle	ge	3.9.0
moodle	ge	3.11.0
moodle	lt	4.0.6
moodle	le	4.1.0
moodle	lt	3.9.19
moodle	ge	4.0.0
moodle	lt	3.11.12

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862

bugzilla.redhat.com/show_bug.cgi?id=2162549

moodle.org/mod/forum/discuss.php?d=443274#p1782023

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.3%

JSON

Related for OSV:BIT-MOODLE-2023-23923