Executive Summary

This vulnerability in Moodle occurs because the system fails to properly verify the enrollment status of users when sending quiz notifications. As a result, users who are suspended or inactive may still receive quiz-related messages, which can lead to unauthorized disclosure of limited course information. [1]

Useful 0 Not Useful 0

Impact Analysis

The impact of this vulnerability is that suspended or inactive users might receive quiz notifications they should not have access to, potentially leaking limited information about ongoing quizzes or assessments. This could lead to unauthorized users gaining insights into course activities, which may affect the confidentiality of course content. [1]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking the Moodle version running on your system. Versions 4.5 through 4.5.6 and 5.0 through 5.0.2 are affected. To check the Moodle version, you can use commands like 'grep' on the version.php file in the Moodle installation directory, for example: grep "\$release" /path/to/moodle/version.php. Additionally, monitoring outgoing quiz notification messages to verify if suspended or inactive users are receiving them may help detect exploitation. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade Moodle to a fixed version. Specifically, update to Moodle versions 4.5.7 or later, or 5.0.3 or later, where this vulnerability has been addressed. Until the upgrade is applied, consider reviewing and restricting quiz notification settings to prevent sending notifications to suspended or inactive users. [1]

Useful 0 Not Useful 0