GitHub Advisory DatabaseGHSA-PRJM-2FJ2-787FMoodle may allow teachers to access the names of users they could not otherwise access
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
35.2%
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 3.9.20 | |
| moodle/moodle | lt | 3.11.13 | |
| moodle/moodle | lt | 4.0.7 | |
| moodle/moodle | lt | 4.1.2 |
References
bugzilla.redhat.com/show_bug.cgi?id=2179426
git.moodle.org/gw?p=moodle.git;a=commit;h=a931a7f8cec3657827268837b27962a13817ca2b
github.com/advisories/GHSA-prjm-2fj2-787f
github.com/moodle/moodle/commit/a931a7f8cec3657827268837b27962a13817ca2b
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
lists.fedoraproject.org/archives/list/[email protected]/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
moodle.org/mod/forum/discuss.php?d=445068
nvd.nist.gov/vuln/detail/CVE-2023-28336
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
35.2%