CVSS3: 8.2 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS: 0.002 Low
Percentile: 61.4%
moodle/moodle is vulnerable to Improper Access Control. The vulnerability exists in the fill_preferences_cache function of user.php due to insufficient limitations on the “start page” preference, which allows a remote attacker to gain unauthorized access to restricted functionality of the application.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862
bugzilla.redhat.com/show_bug.cgi?id=2162549
github.com/advisories/GHSA-32jc-9p58-p82x
github.com/moodle/moodle/commit/4babd8cdb7ee66327824cc94536a1aa04bed5c17
github.com/moodle/moodle/commit/8de0b97f7d7d04c553e317a8270177e9fd59ce91
github.com/moodle/moodle/commit/bd5bcec3f1a087fd7accd624370671252aa0b62d
github.com/moodle/moodle/commit/f3c335b376df7267245e25599166f93c435869ee
moodle.org/mod/forum/discuss.php?d=443274#p1782023