Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:39975
HistoryMar 29, 2023 - 4:45 a.m.

Information Disclosure

2023-03-2904:45:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
information disclosure
authenticated user
sensitive information
learning plans page

EPSS

0.001

Percentile

21.0%

JSON

moodle/moodle is vulnerable to Information Disclosure. The vulnerability exists because authenticated user privileges are not properly validated in page_helper.php which allows an attacker to access sensitive information and enumerate other users names via the learning plans page.

Related

osv 3
vulnrichment 1
cvelist 1
prion 1
nvd 1
ubuntucve 1
github 1
openvas 1
cve 1
osv
osv
CVE-2023-28334
2023-03-23 21:15:20
BIT-moodle-2023-28334
2024-03-06 11:00:05
Moodle may allow authenticated users to enumerate other user's names via learning plans page
2023-03-23 21:30:18
vulnrichment
vulnrichment
CVE-2023-28334 Moodle: users' name enumeration possible via idor on learning plans page
2023-03-23 00:00:00
cvelist
cvelist
CVE-2023-28334 Moodle: users' name enumeration possible via idor on learning plans page
2023-03-23 00:00:00
prion
prion
Code injection
2023-03-23 21:15:00
nvd
nvd
CVE-2023-28334
2023-03-23 21:15:20
ubuntucve
ubuntucve
CVE-2023-28334
2023-03-23 00:00:00
github
github
Moodle may allow authenticated users to enumerate other user's names via learning plans page
2023-03-23 21:30:18
openvas
openvas
Moodle 4.0 < 4.0.7, 4.1 < 4.1.2 IDOR Vulnerability
2023-03-24 00:00:00
cve
cve
CVE-2023-28334
2023-03-23 21:15:20

EPSS

0.001

Percentile

21.0%

JSON
Related for VERACODE:39975
osv3vulnrichment1cvelist1prion1nvd1ubuntucve1github1openvas1cve1