CVE-2023-28336

Moodle may allow teachers to access the names of users they could not otherwise access in packagist/moodle/moodle

Identifiers

CVE-2023-28336, GHSA-prjm-2fj2-787f

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle may allow teachers to access the names of users they could not otherwise access

Description

Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.

Affected Versions

All versions before 3.9.20, all versions after 3.11.0 before 3.11.13, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2

Solution

Upgrade to versions 3.9.20, 3.11.13, 4.0.7, 4.1.2 or above.

Last Modified

2023-03-24

source