Search for vulnerabilities
Vulnerability details: VCID-j3rs-empj-6qeg
Vulnerability ID VCID-j3rs-empj-6qeg
Aliases CVE-2023-23923
GHSA-32jc-9p58-p82x
Summary Moodle Improper Access Control vulnerability The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-284 Improper Access Control
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 8.2 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862
generic_textual HIGH http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862
ssvc Track http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862
epss 0.00355 https://api.first.org/data/v1/epss?cve=CVE-2023-23923
epss 0.00355 https://api.first.org/data/v1/epss?cve=CVE-2023-23923
cvssv3.1 8.2 https://bugzilla.redhat.com/show_bug.cgi?id=2162549
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2162549
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2162549
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-32jc-9p58-p82x
cvssv3.1 8.2 https://github.com/moodle/moodle
generic_textual HIGH https://github.com/moodle/moodle
cvssv3.1 8.2 https://moodle.org/mod/forum/discuss.php?d=443274#p1782023
generic_textual HIGH https://moodle.org/mod/forum/discuss.php?d=443274#p1782023
ssvc Track https://moodle.org/mod/forum/discuss.php?d=443274#p1782023
cvssv3.1 8.2 https://nvd.nist.gov/vuln/detail/CVE-2023-23923
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-23923
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862
https://api.first.org/data/v1/epss?cve=CVE-2023-23923
https://bugzilla.redhat.com/show_bug.cgi?id=2162549
https://github.com/moodle/moodle
https://moodle.org/mod/forum/discuss.php?d=443274#p1782023
https://nvd.nist.gov/vuln/detail/CVE-2023-23923
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*
GHSA-32jc-9p58-p82x https://github.com/advisories/GHSA-32jc-9p58-p82x
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:21:47Z/ Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2162549
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:21:47Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2162549
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=443274#p1782023
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:21:47Z/ Found at https://moodle.org/mod/forum/discuss.php?d=443274#p1782023
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-23923
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.57052
EPSS Score 0.00355
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:14:51.978369+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-32jc-9p58-p82x/GHSA-32jc-9p58-p82x.json 36.1.3