First published: Fri Mar 17 2023
Authenticated users were able to enumerate other users' names via the learning plans page.
Credit: patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | >4.0.0<4.0.7 | |
Moodle Moodle | =4.0.0 | |
Moodle Moodle | =4.1.0 | |
Moodle Moodle | =4.1.1 | |
redhat/moodle | <4.1.2 | 4.1.2 |
redhat/moodle | <4.0.7 | 4.0.7 |
composer/moodle/moodle | <3.9.20 | 3.9.20 |
composer/moodle/moodle | >=3.11.0<3.11.13 | 3.11.13 |
composer/moodle/moodle | >=4.0.0<4.0.7 | 4.0.7 |
composer/moodle/moodle | >=4.1.0<4.1.2 | 4.1.2 |
The vulnerability ID for this issue is CVE-2023-28334.
The severity of CVE-2023-28334 is medium.
CVE-2023-28334 affects Moodle versions between 4.0.0 and 4.0.7, Moodle 4.1.0, and Moodle 4.1.1.
The impact of CVE-2023-28334 is that authenticated users were able to enumerate other users' names via the learning plans page.
Yes, there is a fix available for CVE-2023-28334. It is recommended to update Moodle to a version that includes the fix.