CVE-2023-1402
MEDIUMMoodle - Information Disclosure via Course Participation Report
Title source: llmDescription
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
References (3)
Scores
CVSS v3
4.3
EPSS
0.0041
EPSS Percentile
61.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
CWE-668
Status
published
Products (7)
moodle/moodle
3.9.0
moodle/moodle
3.11.0
moodle/moodle
4.0.0
moodle/moodle
4.1.0
moodle/moodle
4.1.1
moodle/moodle
3.9.0 - 3.9.20
moodle/moodle
4.1.0 - 4.1.2Packagist
Published
Mar 23, 2023
Tracked Since
Feb 18, 2026