Vulnerabilities > CVE-2023-28330 - Unspecified vulnerability in Moodle
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
Vulnerable Configurations
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2179412
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
- https://moodle.org/mod/forum/discuss.php?d=445062
- https://bugzilla.redhat.com/show_bug.cgi?id=2179412
- https://moodle.org/mod/forum/discuss.php?d=445062
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/