GoogleOSV:GHSA-VJ5P-FP42-774PMoodle may display roles to users who don't have access to them
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
35.2%
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
References
bugzilla.redhat.com/show_bug.cgi?id=2179427
git.moodle.org/gw?p=moodle.git;a=commitdiff;h=f0a557bffbdb450648d0e4cedb391d14d8a0a253
github.com/moodle/moodle
github.com/moodle/moodle/commit/f0a557bffbdb450648d0e4cedb391d14d8a0a253
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
lists.fedoraproject.org/archives/list/[email protected]/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
moodle.org/mod/forum/discuss.php?d=445069
nvd.nist.gov/vuln/detail/CVE-2023-1402
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
35.2%