Описание
Moodle may display roles to users who don't have access to them
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-1402
- https://github.com/moodle/moodle/commit/f0a557bffbdb450648d0e4cedb391d14d8a0a253
- https://bugzilla.redhat.com/show_bug.cgi?id=2179427
- https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=f0a557bffbdb450648d0e4cedb391d14d8a0a253
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://moodle.org/mod/forum/discuss.php?d=445069
Пакеты
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 4.1.0, < 4.1.2
4.1.2
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 4.0.0, < 4.0.7
4.0.7
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 3.11.0, < 3.11.13
3.11.13
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
< 3.9.20
3.9.20
Связанные уязвимости
CVSS3: 4.3
ubuntu
около 2 лет назад
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
CVSS3: 4.3
nvd
около 2 лет назад
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
CVSS3: 4.3
debian
около 2 лет назад
The course participation report required additional checks to prevent ...