CVE-2023-5549

Moodle Improper Access Control vulnerability in packagist/moodle/moodle

Identifiers

CVE-2023-5549, GHSA-fm5h-58g2-4m3f

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle Improper Access Control vulnerability

Description

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they does not have the capability to manage.

Affected Versions

All versions before 3.9.24, all versions starting from 3.11.0 before 3.11.17, all versions starting from 4.0.0 before 4.0.11, all versions starting from 4.1.0 before 4.1.6, all versions starting from 4.2.0 before 4.2.3

Solution

Upgrade to versions 3.9.24, 3.11.17, 4.0.11, 4.1.6, 4.2.3 or above.

Last Modified

2023-11-10

source