vulnerability
Moodle: Improper Access Control (CVE-2023-5542)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:M/Au:N/C:P/I:N/A:N) | Nov 9, 2023 | Nov 20, 2023 | May 7, 2026 |
Severity
2
CVSS
(AV:L/AC:M/Au:N/C:P/I:N/A:N)
Published
Nov 9, 2023
Added
Nov 20, 2023
Modified
May 7, 2026
Description
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
Solution
moodle-upgrade-latest
References
- CVE-2023-5542
- https://attackerkb.com/topics/CVE-2023-5542
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213
- https://bugzilla.redhat.com/show_bug.cgi?id=2243441
- https://moodle.org/mod/forum/discuss.php?d=451583
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-2926
- CWE-284
- CWE-668
- EUVD-EUVD-2023-2926
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.