CVE-2023-5551 - Vulnerability Details - OpenCVE

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00073.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject Subscribe	Extra Packages For Enterprise Linux Subscribe Fedora Subscribe
Moodle Subscribe	Moodle Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

Configuration 2 [-]

OR	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-2994	Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
Github GHSA	GHSA-jr83-8x65-xcr5	Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310
https://bugzilla.redhat.com/show_bug.cgi?id=2243453
https://moodle.org/mod/forum/discuss.php?d=451592

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2023-11-09T19:39:11.940Z

Updated: 2024-09-04T13:24:24.392Z

Reserved: 2023-10-12T00:54:22.507Z

Link: CVE-2023-5551

Vulnrichment

Updated: 2024-08-02T07:59:44.859Z

NVD

Status : Modified

Published: 2023-11-09T20:15:11.053

Modified: 2024-11-21T08:41:59.760

Link: CVE-2023-5551

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5551", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2023-10-12T00:54:22.507Z", "datePublished": "2023-11-09T19:39:11.940Z", "dateUpdated": "2024-09-04T13:24:24.392Z"}, "containers": {"cna": {"title": "Moodle: forum summary report shows students from other groups when in separate groups mode", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups."}], "affected": [{"versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.3", "versionType": "semver"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.6", "versionType": "semver"}, {"status": "affected", "version": "4.0.0", "lessThan": "4.0.11", "versionType": "semver"}, {"status": "affected", "version": "3.11.0", "lessThan": "3.11.17", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "3.9.24", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://git.moodle.org", "defaultStatus": "unaffected"}], "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243453", "name": "RHBZ#2243453", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=451592"}], "datePublic": "2023-10-16T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "timeline": [{"lang": "en", "time": "2023-10-10T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-10-16T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:48:56.245Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.859Z"}, "title": "CVE Program Container", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243453", "name": "RHBZ#2243453", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=451592", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T13:23:28.368236Z", "id": "CVE-2023-5551", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T13:24:24.392Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243453", "name": "RHBZ#2243453", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=451592", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.859Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5551", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T13:23:28.368236Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T13:24:19.051Z"}}], "cna": {"title": "Moodle: forum summary report shows students from other groups when in separate groups mode", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.3", "versionType": "semver"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.6", "versionType": "semver"}, {"status": "affected", "version": "4.0.0", "lessThan": "4.0.11", "versionType": "semver"}, {"status": "affected", "version": "3.11.0", "lessThan": "3.11.17", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "3.9.24", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://git.moodle.org", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-10-10T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-10-16T00:00:00+00:00", "value": "Made public."}], "datePublic": "2023-10-16T00:00:00+00:00", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243453", "name": "RHBZ#2243453", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=451592"}], "descriptions": [{"lang": "en", "value": "Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:48:56.245Z"}, "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}}, "cveMetadata": {"cveId": "CVE-2023-5551", "state": "PUBLISHED", "dateUpdated": "2024-09-04T13:24:24.392Z", "dateReserved": "2023-10-12T00:54:22.507Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2023-11-09T19:39:11.940Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2A8D2D9-48FE-417F-8062-65794AA65706", "versionEndExcluding": "3.9.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C058D38-D206-4BEC-B647-4CD1808A1FC8", "versionEndExcluding": "3.11.17", "versionStartIncluding": "3.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C", "versionEndExcluding": "4.0.11", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A", "versionEndExcluding": "4.1.6", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078", "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups."}, {"lang": "es", "value": "Las restricciones del modo de grupos separados no se respetaron en el informe de resumen del foro, que mostrar\u00eda usuarios de otros grupos."}], "id": "CVE-2023-5551", "lastModified": "2024-11-21T08:41:59.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-09T20:15:11.053", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310"}, {"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243453"}, {"source": "patrick@puiterwijk.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=451592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=451592"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}