CVE-2026-30884

CRITICAL CVSS 3.1: 9.6 EPSS 0.02%
Updated Mar 18, 2026
Mdjnelson
| Parameter | Value |
|---|---|
| CVSS | 9.6 (CRITICAL) |
| Type | CWE-639 (Authorization Bypass) |
| Vendor | Mdjnelson |
| Public PoC | No |

mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course can read and silently overwrite certificate elements belonging to any other course in the Moodle installation. The `core_get_fragment` callback `editelement` and the `mod_customcert_save_element` web service both fail to verify that the supplied `elementid` belongs to the authorized context, enabling cross-course information disclosure and data tampering.

Versions 4.4.9 and 5.0.3 fix the issue.
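The missing ownership check described above, as an added Python model; it is not the plugin's code and does not reproduce the actual fix. The `Store` class, function names, sample rows and the element → page → template → context chain are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class AccessDenied(Exception):
    """Raised when a request fails an authorization check."""

@dataclass
class Store:
    # Constructed sample rows. Assumed layout: element -> page -> template -> context.
    elements: dict = field(default_factory=lambda: {101: 1, 202: 2})   # elementid -> pageid
    pages: dict = field(default_factory=lambda: {1: 11, 2: 22})        # pageid -> templateid
    templates: dict = field(default_factory=lambda: {11: 10, 22: 20})  # templateid -> contextid
    data: dict = field(default_factory=lambda: {101: "Course A text", 202: "Course B text"})
    # user -> contexts in which the user holds mod/customcert:manage
    grants: dict = field(default_factory=lambda: {"teacher_a": {10}})

    def require_manage(self, user, contextid):
        if contextid not in self.grants.get(user, set()):
            raise AccessDenied(f"{user} lacks mod/customcert:manage in context {contextid}")

    def owning_context(self, elementid):
        """Walk element -> page -> template to the context that owns the element."""
        try:
            return self.templates[self.pages[self.elements[elementid]]]
        except KeyError:
            raise AccessDenied(f"unknown element {elementid}") from None

def save_element_unchecked(store, user, contextid, elementid, value):
    """Pre-fix pattern: capability is checked, but only in the caller-supplied context."""
    store.require_manage(user, contextid)
    store.data[elementid] = value          # elementid is never tied to contextid

def save_element_checked(store, user, contextid, elementid, value):
    """Hardened pattern: the element must belong to the authorized context."""
    store.require_manage(user, contextid)
    if store.owning_context(elementid) != contextid:
        raise AccessDenied(f"element {elementid} is outside context {contextid}")
    store.data[elementid] = value

def demo():
    """Return (course B element after unchecked write, after checked write)."""
    flawed, fixed = Store(), Store()
    save_element_unchecked(flawed, "teacher_a", 10, 202, "tampered")
    try:
        save_element_checked(fixed, "teacher_a", 10, 202, "tampered")
    except AccessDenied:
        pass                               # cross-course write is rejected
    return flawed.data[202], fixed.data[202]
```

The same ownership test applies to the read path: resolve the element's owning context from stored data and compare it with the authorized context before returning anything.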

Attack Parameters

| Metric | Value | Meaning |
|---|---|---|
| Attack Vector | Network | Can be exploited remotely |
| Attack Complexity | Low | Easy to exploit |
| Privileges Required | Low | Basic privileges needed |
| User Interaction | None | No user interaction needed |

Impact Assessment

| Metric | Value | Meaning |
|---|---|---|
| Confidentiality | High | Complete data leak |
| Integrity | High | Complete data modification |
| Availability | None | No disruption |

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products

mdjnelson:moodle-mod_customcert