CVE-2023-5551: Moodle: forum summary report shows students from other groups when in separate groups mode
First published: Thu Oct 12 2023(Updated: )
Separate Groups mode restrictions were not honored in the forum summary report, which would display users from other groups. This flaw affects versions 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versions.
Credit: patrick@puiterwijk.org patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/moodle | <4.2.3 | 4.2.3 |
| redhat/moodle | <4.1.6 | 4.1.6 |
| redhat/moodle | <4.0.11 | 4.0.11 |
| redhat/moodle | <3.11.17 | 3.11.17 |
| redhat/moodle | <3.9.24 | 3.9.24 |
| Moodle Moodle | <3.9.24 | |
| Moodle Moodle | >=3.11.0<3.11.17 | |
| Moodle Moodle | >=4.0.0<4.0.11 | |
| Moodle Moodle | >=4.1.0<4.1.6 | |
| Moodle Moodle | >=4.2.0<4.2.3 | |
| Fedoraproject Extra Packages For Enterprise Linux | =7.0 | |
| Fedoraproject Fedora | =38 | |
| composer/moodle/moodle | <3.9.24 | 3.9.24 |
| composer/moodle/moodle | >=3.10.0<3.11.17 | 3.11.17 |
| composer/moodle/moodle | >=4.0.0<4.0.11 | 4.0.11 |
| composer/moodle/moodle | >=4.1.0<4.1.6 | 4.1.6 |
| composer/moodle/moodle | >=4.2.0<4.2.3 | 4.2.3 |
| composer/moodle/moodle | >=4.3.0-beta<4.3.0-rc2 | 4.3.0-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://moodle.org/mod/forum/discuss.php?d=451592
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2244951
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2244952
- https://bugzilla.redhat.com/show_bug.cgi?id=2243453
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310
- https://nvd.nist.gov/vuln/detail/CVE-2023-5551
- https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0
- https://github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a
- https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85
- https://github.com/advisories/GHSA-jr83-8x65-xcr5 (Advisory)
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-5551.
What is the severity of CVE-2023-5551?
CVE-2023-5551 has a severity value of 3.3.
How does this vulnerability affect Moodle?
This vulnerability affects Moodle versions up to 3.9.24, 3.11.17, 4.0.11, 4.1.6, and 4.2.3.
How can I fix the CVE-2023-5551 vulnerability?
To fix the CVE-2023-5551 vulnerability, you should update Moodle to version 3.9.24, 3.11.17, 4.0.11, 4.1.6, or 4.2.3.
Where can I find more information about CVE-2023-5551?
You can find more information about CVE-2023-5551 at the following references: [Reference 1](http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310), [Reference 2](https://bugzilla.redhat.com/show_bug.cgi?id=2243453), [Reference 3](https://moodle.org/mod/forum/discuss.php?d=451592).
- collector/nvd-api
- collector/github-advisory-latest
- alias/GHSA-jr83-8x65-xcr5
- alias/CVE-2023-5551
- collector/nvd-cve
- collector/github-advisory
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/3.11.0
- version/moodle moodle/4.0.0
- version/moodle moodle/4.1.0
- version/moodle moodle/4.2.0
- vendor/fedoraproject
- canonical/fedoraproject extra packages for enterprise linux
- version/fedoraproject extra packages for enterprise linux/7.0
- canonical/fedoraproject fedora
- version/fedoraproject fedora/38
- package-manager/composer
- package-manager/redhat