CVE-2023-5543

LOW 3.3

Moodle: duplicating a bigbluebutton activity assigns the same meeting id

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.

CWE	CWE-284
Published	Nov 9, 2023
Last Updated	Aug 2, 2024

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new low vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.moodle.org: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77795 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2243442 moodle.org: https://moodle.org/mod/forum/discuss.php?d=451584