CVE-2023-5539
MEDIUM severity · CVSS 4.7 · Code injection
4.7CVSS MEDIUM
Summary
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredHigh
User interactionNone
Confidentiality impactLow
Integrity impactLow
Availability impactLow
Exploit probability (EPSS)2%
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408 ↗
Additional information
- NVD record
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=2243352Patch
- https://moodle.org/mod/forum/discuss.php?d=451580Patch
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=2243352Patch
- https://moodle.org/mod/forum/discuss.php?d=451580Patch