← back
CVE-2023-28336

Moodle: teacher can access names of users they do not have permission to access

EPSS 0.7%CWE-200
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
Affected products
moodle

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=2179426https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/https://moodle.org/mod/forum/discuss.php?d=445068