Login Sign Up

CVE-2023-23923

8.2 HIGH
Authentication Bypass

📋 TL;DR

This Moodle vulnerability allows remote attackers to set the 'start page' preference for other users, bypassing intended access controls. Attackers can exploit this to access restricted functionality they shouldn't have permission to use. All Moodle instances with vulnerable versions are affected.

💻 Affected Systems

Products:
  • Moodle
Versions: Specific versions not detailed in provided references, but based on CVE-2023-23923 timeline, likely affects Moodle 4.x versions prior to patched releases
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Moodle deployments with vulnerable versions regardless of configuration

📦 What is this software?

Moodle by Moodle

View all CVEs affecting Moodle →

Moodle by Moodle

View all CVEs affecting Moodle →

Moodle by Moodle

View all CVEs affecting Moodle →

Moodle by Moodle

View all CVEs affecting Moodle →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could gain administrative access to Moodle, modify courses, access sensitive student data, or disrupt educational operations.

🟠

Likely Case

Attackers access restricted course materials, modify user settings, or perform unauthorized actions within the learning management system.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to minor user preference changes that can be quickly detected and reverted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some user interaction or social engineering to target specific users

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Moodle security advisories for specific patched versions

Vendor Advisory: https://moodle.org/mod/forum/discuss.php?d=443274

Restart Required: No

Instructions:

1. Check current Moodle version. 2. Apply Moodle security update via package manager or manual update. 3. Clear Moodle caches. 4. Verify fix by testing start page preference functionality.

🔧 Temporary Workarounds

Restrict User Preference Modification

all

Temporarily disable or restrict the ability to modify start page preferences through Moodle configuration

# Edit Moodle config.php to add restrictions
# $CFG->forced_plugin_settings['user'] = array('startpage' => 'default');

🧯 If You Can't Patch

  • Implement strict access controls and monitor for unauthorized preference changes
  • Disable or restrict the start page preference feature entirely through configuration

🔍 How to Verify

Check if Vulnerable:

Check Moodle version against security advisories at moodle.org/security

Check Version:

php admin/cli/check_database_schema.php | grep 'Moodle version'

Verify Fix Applied:

Test if unauthorized users can modify other users' start page preferences

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized user preference modifications in Moodle logs
  • Multiple start page preference changes from single IP

Network Indicators:

  • Unusual POST requests to user preference endpoints

SIEM Query:

source="moodle.log" AND "preference" AND "startpage" AND user!=current_user

📊 Metadata

CVE ID: CVE-2023-23923
CVSS v3 Score: 8.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE: CWE-284
Published: February 17, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-23923, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)