GoogleOSV:GHSA-JR83-8X65-XCR5Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310
bugzilla.redhat.com/show_bug.cgi?id=2243453
github.com/moodle/moodle
github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0
github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a
github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85
moodle.org/mod/forum/discuss.php?d=451592
nvd.nist.gov/vuln/detail/CVE-2023-5551
Related
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%