CVE-2024-48896
Moodle: users' names returned in messaging error message
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3 | EPSS 0.4% | KEV no | PoC — | Nuclei — | Metasploit — | Patch —
Lifecycle
18 Nov 2024: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
moodle