CVE-2023-5545

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability in packagist/moodle/moodle

Identifiers

CVE-2023-5545, GHSA-26fg-v32r-h663

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Description

H5P metadata automatically populated the author with the user's username, which could be sensitive information.

Affected Versions

All versions before 3.9.24, all versions starting from 3.11.0 before 3.11.17, all versions starting from 4.0.0 before 4.0.11, all versions starting from 4.1.0 before 4.1.6, all versions starting from 4.2.0 before 4.2.3

Solution

Upgrade to versions 3.9.24, 3.11.17, 4.0.11, 4.1.6, 4.2.3 or above.

Last Modified

2023-11-10

source