CVE-2023-1402
MEDIUMMoodle - Information Disclosure via Course Participation Report
Title source: llmDescription
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
References (3)
Scores
CVSS v3
4.3
EPSS
0.0026
EPSS Percentile
48.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-200
CWE-668
Status
published
Affected Products (7)
moodle/moodle
< 3.9.20
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
< 4.1.2Packagist
Timeline
Published
Mar 23, 2023
Tracked Since
Feb 18, 2026