CVE-2023-23923: Improper Access Control

February 17, 2023 (updated February 28, 2023)

The vulnerability was found Moodle which exists due to insufficient limitations on the “start page” preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862
bugzilla.redhat.com/show_bug.cgi?id=2162549
moodle.org/mod/forum/discuss.php?d=443274
nvd.nist.gov/vuln/detail/CVE-2023-23923

Code Behaviors & Features

Detect and mitigate CVE-2023-23923 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →