CVE-2023-28336
Moodle: teacher can access names of users they do not have permission to access
Vexday Risk Score
3 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS — | EPSS 0.7% | KEV no | PoC — | Nuclei — | Metasploit — | Patch referenced
Lifecycle
23 Mar 2023: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
Affected products
moodle