CVE-2023-1402: Moodle may display roles to users who don't have access to them

March 23, 2023 (updated November 9, 2023)

The course participation report required additional checks to prevent roles being displayed which the user does not have access to view.

References

git.moodle.org/gw?p=moodle.git;a=commitdiff;h=f0a557bffbdb450648d0e4cedb391d14d8a0a253
github.com/advisories/GHSA-vj5p-fp42-774p
github.com/moodle/moodle/commit/f0a557bffbdb450648d0e4cedb391d14d8a0a253
moodle.org/mod/forum/discuss.php?d=445069
nvd.nist.gov/vuln/detail/CVE-2023-1402

Code Behaviors & Features

Detect and mitigate CVE-2023-1402 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →