CVE-2023-28334, GHSA-hh52-g5c4-wprh
packagist/moodle/moodle
Moodle may allow authenticated users to enumerate other user's names via learning plans page
Authenticated users were able to enumerate other users' names via the learning plans page.
All versions before 3.9.20, all versions starting from 3.11.0 before 3.11.13, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2
Upgrade to versions 4.0.7, 4.1.2, 3.9.20, 3.11.13 or above.
2023-03-24
source |