Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Moodle
(Moodle)| Repositories |
• https://github.com/moodle/moodle
• https://github.com/tinymce/tinymce_spellchecker_php |
| #Vulnerabilities | 521 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-09 | CVE-2023-5543 | When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 3.3 | ||
| 2023-11-09 | CVE-2023-5550 | In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 9.8 | ||
| 2023-11-09 | CVE-2023-5551 | Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 3.3 | ||
| 2023-11-09 | CVE-2023-5539 | A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 8.8 | ||
| 2023-11-09 | CVE-2023-5540 | A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 8.8 | ||
| 2023-11-09 | CVE-2023-5542 | Students in "Only see own membership" groups could see other students in the group, which should be hidden. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 4.3 | ||
| 2023-11-09 | CVE-2023-5545 | H5P metadata automatically populated the author with the user's username, which could be sensitive information. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 | ||
| 2023-11-09 | CVE-2023-5548 | Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 | ||
| 2023-11-09 | CVE-2023-5549 | Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 | ||
| 2023-11-09 | CVE-2023-5541 | The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | Moodle | 6.1 |