CVE-2023-1402

Source
https://cve.org/CVERecord?id=CVE-2023-1402
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1402.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-1402
Aliases
Downstream
Published
2023-03-23T00:00:00Z
Modified
2026-07-08T07:08:07.738137700Z
Summary
Moodle: course participation report shows roles the user should not see
Details

The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "4.1.0"
                },
                {
                    "fixed": "4.1.2"
                },
                {
                    "introduced": "4.0.0"
                },
                {
                    "fixed": "4.0.7"
                },
                {
                    "introduced": "3.11.0"
                },
                {
                    "fixed": "3.11.13"
                },
                {
                    "fixed": "3.9.20"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/1xxx/CVE-2023-1402.json",
    "cna_assigner": "fedora",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.9.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.11.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.0.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.9.20"
        },
        {
            "fixed": "3.11.13"
        },
        {
            "fixed": "4.0.7"
        },
        {
            "introduced": "3.9.0-NA"
        },
        {
            "last_affected": "3.9.0-NA"
        },
        {
            "introduced": "3.11.0-NA"
        },
        {
            "last_affected": "3.11.0-NA"
        },
        {
            "introduced": "4.0.0-NA"
        },
        {
            "last_affected": "4.0.0-NA"
        },
        {
            "introduced": "4.1.0-NA"
        },
        {
            "last_affected": "4.1.0-NA"
        },
        {
            "introduced": "4.1.1"
        },
        {
            "last_affected": "4.1.1"
        }
    ]
}

Affected versions

3.*
3.11.0-NA
3.9.0-NA
4.*
4.0.0-NA
4.1.0-NA
4.1.1
v3.*
v3.10.0
v3.10.0-beta
v3.10.0-rc1
v3.10.0-rc2
v3.11.0
v3.11.0-beta
v3.11.0-rc1
v3.11.0-rc2
v3.11.1
v3.11.10
v3.11.11
v3.11.12
v3.11.2
v3.11.3
v3.11.4
v3.11.5
v3.11.6
v3.11.7
v3.11.8
v3.11.9
v3.9.0
v3.9.1
v3.9.10
v3.9.11
v3.9.12
v3.9.13
v3.9.14
v3.9.15
v3.9.16
v3.9.17
v3.9.18
v3.9.19
v3.9.2
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7
v3.9.8
v3.9.9
v4.*
v4.0.0
v4.0.0-beta
v4.0.0-rc1
v4.0.0-rc2
v4.0.0-rc3
v4.0.0-rc4
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1402.json"