Search for vulnerabilities
Vulnerability details: VCID-1vdd-s58c-myhn
Vulnerability ID VCID-1vdd-s58c-myhn
Aliases CVE-2023-5545
GHSA-26fg-v32r-h663
Summary Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability H5P metadata automatically populated the author with the user's username, which could be sensitive information.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-668 Exposure of Resource to Wrong Sphere
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 3.3 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
cvssv3.1 5.3 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
ssvc Track http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
epss 0.00277 https://api.first.org/data/v1/epss?cve=CVE-2023-5545
epss 0.00277 https://api.first.org/data/v1/epss?cve=CVE-2023-5545
cvssv3.1 3.3 https://bugzilla.redhat.com/show_bug.cgi?id=2243444
cvssv3.1 5.3 https://bugzilla.redhat.com/show_bug.cgi?id=2243444
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2243444
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2243444
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-26fg-v32r-h663
cvssv3.1 5.3 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 5.3 https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53
generic_textual MODERATE https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53
cvssv3.1 3.3 https://moodle.org/mod/forum/discuss.php?d=451586
cvssv3.1 5.3 https://moodle.org/mod/forum/discuss.php?d=451586
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=451586
ssvc Track https://moodle.org/mod/forum/discuss.php?d=451586
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-5545
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-5545
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
https://api.first.org/data/v1/epss?cve=CVE-2023-5545
https://bugzilla.redhat.com/show_bug.cgi?id=2243444
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53
https://moodle.org/mod/forum/discuss.php?d=451586
https://nvd.nist.gov/vuln/detail/CVE-2023-5545
GHSA-26fg-v32r-h663 https://github.com/advisories/GHSA-26fg-v32r-h663
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:58:29Z/ Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2243444
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2243444
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:58:29Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2243444
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://moodle.org/mod/forum/discuss.php?d=451586
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://moodle.org/mod/forum/discuss.php?d=451586
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:58:29Z/ Found at https://moodle.org/mod/forum/discuss.php?d=451586
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-5545
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.50759
EPSS Score 0.00277
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:15:29.218723+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-26fg-v32r-h663/GHSA-26fg-v32r-h663.json 36.1.3