CVE-2023-1402

Moodle may display roles to users who don't have access to them in packagist/moodle/moodle

Identifiers

CVE-2023-1402, GHSA-vj5p-fp42-774p

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle may display roles to users who don't have access to them

Description

The course participation report required additional checks to prevent roles being displayed which the user does not have access to view.

Affected Versions

All versions before 3.9.20, all versions starting from 3.11.0 before 3.11.13, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2

Solution

Upgrade to versions 4.0.7, 4.1.2, 3.9.20, 3.11.13 or above.

Last Modified

2023-03-24

source