CVE-2023-23923

UNKNOWN 0.0

Moodle: possible to set the preferred "start page" of other users

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

CWE	CWE-284
Published	Feb 17, 2023
Last Updated	Aug 2, 2024

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new unknown vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.moodle.org: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2162549 moodle.org: https://moodle.org/mod/forum/discuss.php?d=443274#p1782023

Credits

Upstream acknowledges Paul Holden as the original reporter.