CVE-2023-5543 LOW

CVE-2023-5543: Moodle: duplicating a bigbluebutton activity assigns the same meeting id

Weakness CWE-284

Published November 9, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

3.3/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.

Key dates

02Disclosure timeline

November 9, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5543

Related vulnerabilities

04Related CVE

CVE-2024-1144 Improper Access Control at Alma Devklan Blog CVE-2012-6435 Rockwell Automation ControlLogix PLC Improper Access Control CVE-2025-7552 Dromara Northstar Path AuthorizationInterceptor.java preHandle access control CVE-2022-4567 Improper Access Control in openemr/openemr CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability