CVE-2023-5549
09.11.2023, 20:15
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.Enginsight
Vendor | Product | Version |
---|---|---|
moodle | moodle | 𝑥 < 3.9.24 |
moodle | moodle | 3.11.0 ≤ 𝑥 < 3.11.17 |
moodle | moodle | 4.0.0 ≤ 𝑥 < 4.0.11 |
moodle | moodle | 4.1.0 ≤ 𝑥 < 4.1.6 |
moodle | moodle | 4.2.0 ≤ 𝑥 < 4.2.3 |
fedoraproject | extra_packages_for_enterprise_linux | 7.0 |
𝑥
= Vulnerable software versions

Ubuntu Releases
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
References