CVE-2023-28336 — Sensitive Information Exposure in Moodle

CWE-200 — Sensitive Information Exposure CWE-668 — Resource Exposure4 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 38.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moodle Fedoraproject Fedora

Timeline

PublishedMar 23

Description

Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDmoodle/moodle< 3.9.20+7

▶Packagistmoodle/moodle4.1.0 — 4.1.2+3

Also affects: Fedora 36

Patches

Patch: moodle.org ↗Patch: moodle.org ↗

🔴Vulnerability Details

GHSA

Moodle may allow teachers to access the names of users they could not otherwise access↗2023-03-23

▶

OSV

Moodle may allow teachers to access the names of users they could not otherwise access↗2023-03-23

▶

OSV

CVE-2023-28336: Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access↗2023-03-23

▶