CVE-2023-28330
Moodle: authenticated arbitrary file read through malformed backup file
6.5
MEDIUM
CVSS 3.1
EPSS 1.0%
Description
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
How to fix CVE-2023-28330
To remediate CVE-2023-28330, upgrade Moodle to the first fixed release of the branch you run: 3.9.20, 3.11.13, 4.0.7 or 4.1.2. Note that "3.9.20 or later" is only correct on the 3.9 branch; a 4.0.6 install is numerically newer than 3.9.20 and still vulnerable, so match the fix to your branch.
- Bitnami/moodle: upgrade to 3.9.20 or later on the 3.9 branch (3.11.13, 4.0.7 and 4.1.2 on the 3.11, 4.0 and 4.1 branches respectively)
- (package name not given on this page): upgrade to 4.1.2 or later
Is CVE-2023-28330 being exploited?
Low. EPSS is 1.0%, an estimated probability that the vulnerability is exploited in the wild within the next 30 days; it is a prediction, not evidence of observed attacks, and no exploitation at scale is reported here. Exploitation still requires an authenticated account that can use the backup feature (teacher, manager or admin by default), which is why the CVSS vector carries PR:L rather than PR:N.
Affected packages (2)
- (package name not given on this page): >= 3.9.0, < 3.9.20; >= 3.11.0, < 3.11.13; >= 4.0.0, < 4.0.7; >= 4.1.0, < 4.1.2
- (package name not given on this page): >= 4.1.0, < 4.1.2
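The affected ranges above are per release branch, so a naive "is my version newer than 3.9.20" check gives the wrong answer for 4.0.x and 4.1.x installs. The following branch-aware check is an added example, not code from this page or from the Moodle project; the range table is copied from the list above, and the function names and the sample inventory at the bottom are constructed for illustration.

```python
"""Branch-aware check of an installed Moodle version against the
CVE-2023-28330 affected ranges listed on this page (added example)."""

# (lower bound inclusive, upper bound exclusive) per release branch, taken
# from the "Affected packages" list; each upper bound is the first fixed release.
AFFECTED_RANGES = [
    ((3, 9, 0), (3, 9, 20)),
    ((3, 11, 0), (3, 11, 13)),
    ((4, 0, 0), (4, 0, 7)),
    ((4, 1, 0), (4, 1, 2)),
]


def parse_version(text: str) -> tuple:
    """Turn '4.0.6' or '4.1' into a comparable tuple; '4.1' is treated as 4.1.0."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a plain numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    while len(nums) < 3:
        nums += (0,)
    return nums


def check_cve_2023_28330(version: str) -> tuple:
    """Return (affected, first_fixed_release_on_that_branch_or_None).

    A version on a branch outside the listed ones (older than 3.9 or newer
    than 4.1) is not in any range and is reported as not affected; confirm
    such builds against the vendor advisory rather than this list alone.
    """
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if low <= v < high:
            return True, ".".join(str(n) for n in high)
    return False, None


def triage(versions: list) -> dict:
    """Map each inventory version string to the action to take."""
    report = {}
    for ver in versions:
        affected, fixed = check_cve_2023_28330(ver)
        report[ver] = f"upgrade to {fixed} or later" if affected else "not in affected ranges"
    return report


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical versions, not real hosts).
    for ver, action in triage(["3.9.19", "3.11.13", "4.0.6", "4.1", "4.2.0"]).items():
        print(f"{ver:>8}: {action}")
```

Tuple comparison keeps the check numeric, so 4.1.10 is correctly treated as newer than 4.1.2; strings with suffixes such as build dates are rejected rather than silently misparsed.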
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |