CVE-2023-5542

Severity: Low
Published: 09 November 2023
Modified: 21 November 2024
KEV Added: not listed
CVSS v3.1: 3.3 (Low)  CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS: 0.0027 (50.6th percentile)
Risk Priority: 7 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-5542 is a low-severity Improper Access Control (CWE-284) vulnerability in Moodle. Its CVSS v3.1 base score is 3.3 (Low). The NVD vector (local access, no privileges, user interaction required) is a poor fit for the defect as described, which is reached over the network by an authenticated student, so treat the 3.3 as a floor when prioritising rather than as a measure of the actual exposure.

Operationally, its EPSS score of 0.0027 places it in the top 49.4% of CVEs by predicted exploit likelihood, and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Students in "Only see own membership" groups could see other students in the group, which should be hidden.
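The check that failed here is a per-viewer filter on a group roster: in an "Only see own membership" group a member must be shown only their own entry, while other modes show more or less. The following Python model is an added example, not Moodle's code. The mode names and the pre-fix path are constructed to match the behaviour the advisory describes (Moodle's own group-visibility constants live in lib/grouplib.php and are not reproduced here); the `can_view_hidden` flag stands in for a teacher or administrator capability.

```python
"""Model of the group-membership visibility check behind CVE-2023-5542.

Added example, not Moodle's code. It models the decision the advisory
describes: which members of a group a given viewer may see. The mode
names are constructed, and the "vulnerable" path is a reconstruction of
the reported behaviour, not the actual patched Moodle code.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Visibility(Enum):
    ALL = "all"          # every course participant may list the members
    MEMBERS = "members"  # only members see each other
    OWN = "own"          # "Only see own membership": a member sees only themself
    NONE = "none"        # hidden from everyone without a privileged capability


@dataclass
class Group:
    name: str
    visibility: Visibility
    members: set[int] = field(default_factory=set)  # user ids


def visible_members(group: Group, viewer: int, can_view_hidden: bool = False) -> set[int]:
    """Corrected check: return the user ids `viewer` may see in `group`.

    `can_view_hidden` stands in for a teacher/admin capability. The
    decision is made server-side from the group's setting and the
    viewer's identity, never from parameters the client supplies.
    """
    if can_view_hidden or group.visibility is Visibility.ALL:
        return set(group.members)
    if viewer not in group.members:
        # Non-members see nothing in MEMBERS, OWN and NONE modes.
        return set()
    if group.visibility is Visibility.MEMBERS:
        return set(group.members)
    if group.visibility is Visibility.OWN:
        return {viewer}
    return set()  # Visibility.NONE


def visible_members_vulnerable(group: Group, viewer: int, can_view_hidden: bool = False) -> set[int]:
    """Reconstruction of the pre-fix behaviour reported in the advisory:
    OWN is handled like MEMBERS, so a student in an "Only see own
    membership" group is shown the whole roster."""
    if can_view_hidden or group.visibility is Visibility.ALL:
        return set(group.members)
    if group.visibility in (Visibility.MEMBERS, Visibility.OWN):
        return set(group.members) if viewer in group.members else set()
    return set()


def exposed_by_bug(group: Group, viewer: int) -> set[int]:
    """User ids the vulnerable path reveals that the corrected path does not.
    Usable as a regression assertion: it must be empty for every mode."""
    return visible_members_vulnerable(group, viewer) - visible_members(group, viewer)


# Constructed sample: one course group of three students, set to
# "Only see own membership". Student 101 is logged in; 999 is not a member.
SAMPLE = Group("Project team A", Visibility.OWN, members={101, 102, 103})

if __name__ == "__main__":
    print("fixed, student 101 :", sorted(visible_members(SAMPLE, 101)))
    print("fixed, non-member  :", sorted(visible_members(SAMPLE, 999)))
    print("fixed, teacher     :", sorted(visible_members(SAMPLE, 7, can_view_hidden=True)))
    print("leaked pre-fix     :", sorted(exposed_by_bug(SAMPLE, 101)))
```

The point of `exposed_by_bug` is that a fix of this kind should ship with a test that enumerates every visibility mode and every viewer class (member, non-member, privileged) and asserts the difference is empty; the OWN mode is the one that is easy to collapse into MEMBERS by accident.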

CWE(s)

CWE-284: Improper Access Control
CWE-668: Exposure of Resource to Wrong Sphere

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor          Product                              Version
moodle          moodle                               4.2.2
fedoraproject   extra packages for enterprise linux  7.0
fedoraproject   fedora                               38

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry. Each control addresses CWE-284 and CWE-668.

- Enforces rules governing access to the system and its data from external systems based on established trust relationships.
- Requires verifying that a sharing partner's access authorizations match the information's restrictions before sharing occurs.
- Designates authorized individuals and mandates pre- and post-publication reviews, enforcing access control over who can publish content publicly.
- Provides monitoring and protection against data-mining patterns that exploit improper access controls to extract data.
- Enforces approved authorizations for information flows, directly implementing access control over data movement within and between systems.
- Authorizes and reviews internal connections, enforcing proper access control over system interfaces.
- Identifies users with access to specific system components, supporting enforcement of proper access controls on information.
- Enforces access restrictions on media, directly mitigating improper access control weaknesses.
