CVE-2023-5551

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability in packagist/moodle/moodle

Identifiers

CVE-2023-5551, GHSA-jr83-8x65-xcr5

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Description

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

Affected Versions

All versions before 3.9.24, all versions starting from 3.11.0 before 3.11.17, all versions starting from 4.0.0 before 4.0.11, all versions starting from 4.1.0 before 4.1.6, all versions starting from 4.2.0 before 4.2.3

Solution

Upgrade to versions 3.9.24, 3.11.17, 4.0.11, 4.1.6, 4.2.3 or above.

Last Modified

2023-11-10

source