Search for vulnerabilities
Vulnerability details: VCID-zwxu-ekr9-ekbq
Vulnerability ID VCID-zwxu-ekr9-ekbq
Aliases CVE-2023-5542
GHSA-8mm2-m2gp-c6x2
Summary Moodle Improper Access Control vulnerability Students in "Only see own membership" groups could see other students in the group, which should be hidden.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-284 Improper Access Control
CWE-668 Exposure of Resource to Wrong Sphere
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 3.3 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213
cvssv3.1 4.3 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213
ssvc Track http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2023-5542
epss 0.00268 https://api.first.org/data/v1/epss?cve=CVE-2023-5542
cvssv3.1 3.3 https://bugzilla.redhat.com/show_bug.cgi?id=2243441
cvssv3.1 4.3 https://bugzilla.redhat.com/show_bug.cgi?id=2243441
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2243441
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2243441
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8mm2-m2gp-c6x2
cvssv3.1 4.3 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/b0bb97ee3b481dd85d8f1ed3612f70c9d1939014
generic_textual MODERATE https://github.com/moodle/moodle/commit/b0bb97ee3b481dd85d8f1ed3612f70c9d1939014
cvssv3.1 3.3 https://moodle.org/mod/forum/discuss.php?d=451583
cvssv3.1 4.3 https://moodle.org/mod/forum/discuss.php?d=451583
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=451583
ssvc Track https://moodle.org/mod/forum/discuss.php?d=451583
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-5542
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-5542
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213
https://api.first.org/data/v1/epss?cve=CVE-2023-5542
https://bugzilla.redhat.com/show_bug.cgi?id=2243441
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/b0bb97ee3b481dd85d8f1ed3612f70c9d1939014
https://moodle.org/mod/forum/discuss.php?d=451583
https://nvd.nist.gov/vuln/detail/CVE-2023-5542
GHSA-8mm2-m2gp-c6x2 https://github.com/advisories/GHSA-8mm2-m2gp-c6x2
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:05:11Z/ Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2243441
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2243441
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:05:11Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2243441
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/b0bb97ee3b481dd85d8f1ed3612f70c9d1939014
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://moodle.org/mod/forum/discuss.php?d=451583
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://moodle.org/mod/forum/discuss.php?d=451583
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:05:11Z/ Found at https://moodle.org/mod/forum/discuss.php?d=451583
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-5542
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.50074
EPSS Score 0.00268
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:15:33.605386+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-8mm2-m2gp-c6x2/GHSA-8mm2-m2gp-c6x2.json 36.1.3