CVE-2023-5542 — LOW (3.3) — White Hats Nepal

Vulnerability Description

Students in "Only see own membership" groups could see other students in the group, which should be hidden.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Moodle	Moodle	4.2.2
Fedoraproject	Extra Packages For Enterprise Linux	7.0
Fedoraproject	Fedora	38

Related Weaknesses (CWE)

CWE-668 CWE-284

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213Patch
https://bugzilla.redhat.com/show_bug.cgi?id=2243441Issue TrackingPatchThird Party Advisory
https://moodle.org/mod/forum/discuss.php?d=451583PatchVendor Advisory
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213Patch
https://bugzilla.redhat.com/show_bug.cgi?id=2243441Issue TrackingPatchThird Party Advisory
https://moodle.org/mod/forum/discuss.php?d=451583PatchVendor Advisory

FAQ

What is CVE-2023-5542?

CVE-2023-5542 is a vulnerability with a CVSS score of 3.3 (LOW). Students in "Only see own membership" groups could see other students in the group, which should be hidden.

How severe is CVE-2023-5542?

CVE-2023-5542 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5542?

Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle, Fedoraproject Extra Packages For Enterprise Linux, Fedoraproject Fedora.