First published: Thu Oct 12 2023
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
Credit: patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/moodle/moodle | <4.3.0-rc2 | 4.3.0-rc2 |
Moodle Moodle | >=3.9.0<3.9.24 | |
Moodle Moodle | >=3.11.0<3.11.17 | |
Moodle Moodle | >=4.0.0<4.0.11 | |
Moodle Moodle | >=4.1.0<4.1.6 | |
Moodle Moodle | >=4.2.0<4.2.3 | |
Redhat Enterprise Linux | =7.0 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
Fedoraproject Fedora | =39 | |
redhat/moodle | <4.2.3 | 4.2.3 |
redhat/moodle | <4.1.6 | 4.1.6 |
redhat/moodle | <4.0.11 | 4.0.11 |
redhat/moodle | <3.11.17 | 3.11.17 |
redhat/moodle | <3.9.24 | 3.9.24 |
The vulnerability ID for this issue is CVE-2023-5544.
The severity of CVE-2023-5544 is medium.
The affected software is Moodle version 3.9.0 to 4.2.3 and Redhat Enterprise Linux 7.0, Fedoraproject Fedora 37, 38, and 39.
To fix CVE-2023-5544, you should update Moodle to version 4.2.3 or apply the recommended patches for your specific version, and follow the guidelines provided by Moodle on their website.
You can find more information about CVE-2023-5544 on the Moodle website, Git repository, and the Redhat Bugzilla entry.