What the vulnerability does
01Description
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVE-2023-5545
LOW
CVE-2023-5545: Moodle: auto-populated h5p author name causes a potential information leak
CVSS base score
3.3/10
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
November 9, 2023
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-21626 Extension - stackideas.com - Information disclosure in post custom fields in EasyDiscuss 1.0.0-5.0.15 for Joomla
CVE-2023-24012 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDS
CVE-2022-36074 Authentication headers exposed on by Nextcloud Server
CVE-2026-7382 Information Disclosure in MeWare Software's PDKS
CVE-2023-52185 WordPress Everest Backup Plugin <= 2.1.9 is vulnerable to Sensitive Data Exposure
