Description

The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.

Remediation

References

CVE-2023-1402

Related Vulnerabilities

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10268)

Nginx Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease SQL Injection (4.1.4)

WordPress Plugin LearnPress-WordPress LMS Local File Inclusion (4.2.6.8.2)

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0465)

Severity

Medium

Classification

CVE-2023-1402 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities