CVE-2023-5551: Moodle: forum summary report shows students from other groups when in separate groups mode
First published: Thu Oct 12 2023(Updated: )
Separate Groups mode restrictions were not honored in the forum summary report, which would display users from other groups. This flaw affects versions 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versions.
Credit: patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/moodle/moodle | <3.9.24 | 3.9.24 |
| composer/moodle/moodle | >=3.10.0<3.11.17 | 3.11.17 |
| composer/moodle/moodle | >=4.0.0<4.0.11 | 4.0.11 |
| composer/moodle/moodle | >=4.1.0<4.1.6 | 4.1.6 |
| composer/moodle/moodle | >=4.2.0<4.2.3 | 4.2.3 |
| composer/moodle/moodle | >=4.3.0-beta<4.3.0-rc2 | 4.3.0-rc2 |
| redhat/moodle | <4.2.3 | 4.2.3 |
| redhat/moodle | <4.1.6 | 4.1.6 |
| redhat/moodle | <4.0.11 | 4.0.11 |
| redhat/moodle | <3.11.17 | 3.11.17 |
| redhat/moodle | <3.9.24 | 3.9.24 |
| Moodle | <3.9.24 | |
| Moodle | >=3.11.0<3.11.17 | |
| Moodle | >=4.0.0<4.0.11 | |
| Moodle | >=4.1.0<4.1.6 | |
| Moodle | >=4.2.0<4.2.3 | |
| Fedora EPEL | =7.0 | |
| Fedora | =38 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://moodle.org/mod/forum/discuss.php?d=451592
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2244951
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2244952
- https://bugzilla.redhat.com/show_bug.cgi?id=2243453
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310
- https://nvd.nist.gov/vuln/detail/CVE-2023-5551
- https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0
- https://github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a
- https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85
- https://github.com/advisories/GHSA-jr83-8x65-xcr5 (Advisory)
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-5551.
What is the severity of CVE-2023-5551?
CVE-2023-5551 has a severity value of 3.3.
How does this vulnerability affect Moodle?
This vulnerability affects Moodle versions up to 3.9.24, 3.11.17, 4.0.11, 4.1.6, and 4.2.3.
How can I fix the CVE-2023-5551 vulnerability?
To fix the CVE-2023-5551 vulnerability, you should update Moodle to version 3.9.24, 3.11.17, 4.0.11, 4.1.6, or 4.2.3.
Where can I find more information about CVE-2023-5551?
You can find more information about CVE-2023-5551 at the following references: [Reference 1](http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310), [Reference 2](https://bugzilla.redhat.com/show_bug.cgi?id=2243453), [Reference 3](https://moodle.org/mod/forum/discuss.php?d=451592).
- collector/github-advisory-latest
- alias/GHSA-jr83-8x65-xcr5
- alias/CVE-2023-5551
- collector/github-advisory
- agent/type
- agent/weakness
- agent/remedy
- agent/severity
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/composer
- package-manager/redhat
- vendor/moodle
- canonical/moodle
- version/moodle/3.11.0
- version/moodle/4.0.0
- version/moodle/4.1.0
- version/moodle/4.2.0
- vendor/fedoraproject
- canonical/fedora epel
- version/fedora epel/7.0
- canonical/fedora
- version/fedora/38