vulnerability
Moodle: Exposure of Resource to Wrong Sphere (CVE-2023-1402)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Mar 23, 2023 | Mar 30, 2023 | Feb 15, 2026 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Mar 23, 2023
Added
Mar 30, 2023
Modified
Feb 15, 2026
Description
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
Solutions
moodle-upgrade-3_11_13moodle-upgrade-3_9_20moodle-upgrade-4_0_7
References
- CVE-2023-1402
- https://attackerkb.com/topics/CVE-2023-1402
- CWE-200
- CWE-668
- https://bugzilla.redhat.com/show_bug.cgi?id=2179427
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
- https://moodle.org/mod/forum/discuss.php?d=445069
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.