CVE-2023-28330: Moodle arbitrary file read vulnerability

March 23, 2023 (updated November 9, 2023)

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77204
github.com/advisories/GHSA-56r9-72vx-q989
github.com/moodle/moodle/commit/493205b6b280633bcbc49d2eaf4f61a52252c26c
moodle.org/mod/forum/discuss.php?d=445062
nvd.nist.gov/vuln/detail/CVE-2023-28330

Code Behaviors & Features

Detect and mitigate CVE-2023-28330 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →