Linux Distros Unpatched Vulnerability : CVE-2023-28334

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authenticated users were able to enumerate other users' names via the learning plans page. CVE-2023-28334 Note that Nessus relies on the presence of the package...

BIT-MOODLE-2023-28334 Moodle: users' name enumeration possible via idor on learning plans page

Authenticated users were able to enumerate other users' names via the learning plans page...

Information Disclosure

moodle/moodle is vulnerable to Information Disclosure. The vulnerability exists because authenticated user privileges are not properly validated in pagehelper.php which allows an attacker to access sensitive information and enumerate other users names via the learning plans page...

GHSA-HH52-G5C4-WPRH Moodle may allow authenticated users to enumerate other user's names via learning plans page

Authenticated users were able to enumerate other users' names via the learning plans page...

Moodle may allow authenticated users to enumerate other user's names via learning plans page

Authenticated users were able to enumerate other users' names via the learning plans page...

CVE-2023-28334

Authenticated users were able to enumerate other users' names via the learning plans page...

CVE-2023-28334

Authenticated users were able to enumerate other users' names via the learning plans page...

UBUNTU-CVE-2023-28334

Authenticated users were able to enumerate other users' names via the learning plans page...

CVE-2023-28334

Authenticated users were able to enumerate other users' names via the learning plans page...

Code injection

Authenticated users were able to enumerate other users' names via the learning plans page...

CVE-2023-28334

CVE-2023-28334 affects Moodle via an authenticated user IDOR on the learning plans page, enabling enumeration of other users’ names. OpenVAS lists Moodle core version ranges (e.g., 4.0.x before 4.0.7 and 4.1.x before 4.1.2) as vulnerable to an IDOR vulnerability; Veracode notes full information d...

CVE-2023-28334 Moodle: users' name enumeration possible via idor on learning plans page

Authenticated users were able to enumerate other users' names via the learning plans page...

CVE-2023-28334 Moodle: users' name enumeration possible via idor on learning plans page

Authenticated users were able to enumerate other users' names via the learning plans page...

Study Vulnerability Assessment in Tenable University for free

Not so long ago, Tenable presented renewed online training platform - Tenable University. It is publicly available even for non-customers, for example, for Nessus Home users. However, not all courses are available in this case. I decided to check it out, registering as non-customer. Logged in...