← volver
CVE-2023-28336

Moodle: teacher can access names of users they do not have permission to access

EPSS 0.7%CWE-200
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
Productos afectados
moodle

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=2179426https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/https://moodle.org/mod/forum/discuss.php?d=445068