First published: Thu Oct 12 2023
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
Credit: patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/moodle | <4.2.3 | 4.2.3 |
redhat/moodle | <4.1.6 | 4.1.6 |
redhat/moodle | <4.0.11 | 4.0.11 |
| | >=4.0.0 <4.0.11 | |
| | >=4.1.0 <4.1.6 | |
| | >=4.2.0 <4.2.3 | |
| | =7.0 | |
| | =38 | |
This vulnerability is tracked as CVE-2023-5543.
The severity of CVE-2023-5543 is low with a severity value of 3.3.
CVE-2023-5543 affects Moodle by allowing the duplicated BigBlueButton activity to have the same meeting ID as the original, potentially providing unintended access.
Moodle versions earlier than 4.0.11, 4.1.6, and 4.2.3 on their respective branches are affected by CVE-2023-5543.
To fix CVE-2023-5543, update Moodle to version 4.0.11, 4.1.6, or 4.2.3, depending on the branch you are using.