CVE-2023-28334

Moodle may allow authenticated users to enumerate other user's names via learning plans page in packagist/moodle/moodle

Identifiers

CVE-2023-28334, GHSA-hh52-g5c4-wprh

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle may allow authenticated users to enumerate other user's names via learning plans page

Description

Authenticated users were able to enumerate other users' names via the learning plans page.

Affected Versions

All versions before 3.9.20, all versions starting from 3.11.0 before 3.11.13, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2

Solution

Upgrade to versions 4.0.7, 4.1.2, 3.9.20, 3.11.13 or above.

Last Modified

2023-03-24

source