Vulnerabilities > CVE-2023-23923 - Unspecified vulnerability in Moodle
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
LOW Availability impact
NONE Summary
The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
Vulnerable Configurations
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862
- https://bugzilla.redhat.com/show_bug.cgi?id=2162549
- https://bugzilla.redhat.com/show_bug.cgi?id=2162549
- https://moodle.org/mod/forum/discuss.php?d=443274#p1782023
- https://moodle.org/mod/forum/discuss.php?d=443274#p1782023