Moodle up to 4.2.2 H5P Author Name information disclosure

Summaryinfo

A vulnerability, which was classified as problematic, has been found in Moodle up to 3.9.23/3.11.16/4.0.10/4.1.5/4.2.2. This affects an unknown part of the component H5P Author Name Handler. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2023-5545. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in Moodle up to 3.9.23/3.11.16/4.0.10/4.1.5/4.2.2 (Learning Management Software) and classified as problematic. This issue affects an unknown functionality of the component H5P Author Name Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality.

The weakness was published 10/19/2023. It is possible to read the advisory at bugzilla.redhat.com. The identification of this vulnerability is CVE-2023-5545 since 10/12/2023. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

The vulnerability scanner Nessus provides a plugin with the ID 261448 (Linux Distros Unpatched Vulnerability : CVE-2023-5545), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 3.9.24, 3.11.17, 4.0.11, 4.1.6 or 4.2.3 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (261448). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Learning Management Software

Name

• Moodle

Version

• 3.9.0
• 3.9.1
• 3.9.2
• 3.9.3
• 3.9.4
• 3.9.5
• 3.9.6
• 3.9.7
• 3.9.8
• 3.9.9
• 3.9.10
• 3.9.11
• 3.9.12
• 3.9.13
• 3.9.14
• 3.9.15
• 3.9.16
• 3.9.17
• 3.9.18
• 3.9.19
• 3.9.20
• 3.9.21
• 3.9.22
• 3.9.23
• 3.11.0
• 3.11.1
• 3.11.2
• 3.11.3
• 3.11.4
• 3.11.5
• 3.11.6
• 3.11.7
• 3.11.8
• 3.11.9
• 3.11.10
• 3.11.11
• 3.11.12
• 3.11.13
• 3.11.14
• 3.11.15
• 3.11.16
• 4.0.0
• 4.0.1
• 4.0.2
• 4.0.3
• 4.0.4
• 4.0.5
• 4.0.6
• 4.0.7
• 4.0.8
• 4.0.9
• 4.0.10
• 4.1.0
• 4.1.1
• 4.1.2
• 4.1.3
• 4.1.4
• 4.1.5
• 4.2.0
• 4.2.1
• 4.2.2

License

• open-source

Website

• Product: https://moodle.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion