Vulnerability Description
The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 3.9.0, < 3.9.19 |
Related Weaknesses (CWE)
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=2162549Issue TrackingThird Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=443274#p1782023Vendor Advisory
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=2162549Issue TrackingThird Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=443274#p1782023Vendor Advisory
FAQ
What is CVE-2023-23923?
CVE-2023-23923 is a vulnerability with a CVSS score of 8.2 (HIGH). The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a r...
How severe is CVE-2023-23923?
CVE-2023-23923 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-23923?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.