Описание
Moodle may allow teachers to access the names of users they could not otherwise access
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-28336
- https://github.com/moodle/moodle/commit/a931a7f8cec3657827268837b27962a13817ca2b
- https://bugzilla.redhat.com/show_bug.cgi?id=2179426
- https://git.moodle.org/gw?p=moodle.git;a=commit;h=a931a7f8cec3657827268837b27962a13817ca2b
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://moodle.org/mod/forum/discuss.php?d=445068
Пакеты
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 4.1.0, < 4.1.2
4.1.2
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 4.0.0, < 4.0.7
4.0.7
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 3.11.0, < 3.11.13
3.11.13
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
< 3.9.20
3.9.20
Связанные уязвимости
CVSS3: 4.3
ubuntu
больше 2 лет назад
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
CVSS3: 4.3
nvd
больше 2 лет назад
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
CVSS3: 4.3
debian
больше 2 лет назад
Insufficient filtering of grade report history made it possible for te ...