CVE-2023-28334: Moodle may allow authenticated users to enumerate other user's names via learning plans page

March 23, 2023 (updated March 28, 2023)

Authenticated users were able to enumerate other users’ names via the learning plans page.

References

git.moodle.org/gw?p=moodle.git;a=commit;h=0e3c8eb740e1e49a62a5f452cda7e06258712bbf
github.com/advisories/GHSA-hh52-g5c4-wprh
github.com/moodle/moodle/commit/0e3c8eb740e1e49a62a5f452cda7e06258712bbf
moodle.org/mod/forum/discuss.php?d=445066
nvd.nist.gov/vuln/detail/CVE-2023-28334

Code Behaviors & Features

Detect and mitigate CVE-2023-28334 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →