A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 23 Oct 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Oct 2025 11:45:00 +0000

Type Values Removed Values Added
Description A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data.
Title Moodle: external cohort search service leaks system cohort data
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fedora

Published:

Updated: 2025-10-23T14:43:09.806Z

Reserved: 2025-10-13T10:12:30.925Z

Link: CVE-2025-62395

cve-icon Vulnrichment

Updated: 2025-10-23T14:43:01.832Z

cve-icon NVD

Status : Received

Published: 2025-10-23T12:15:31.747

Modified: 2025-10-23T12:15:31.747

Link: CVE-2025-62395

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.