Описание
Moodle may allow teachers to access the names of users they could not otherwise access
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-28336
- https://github.com/moodle/moodle/commit/a931a7f8cec3657827268837b27962a13817ca2b
- https://bugzilla.redhat.com/show_bug.cgi?id=2179426
- https://git.moodle.org/gw?p=moodle.git;a=commit;h=a931a7f8cec3657827268837b27962a13817ca2b
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://moodle.org/mod/forum/discuss.php?d=445068
Пакеты
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 4.1.0, < 4.1.2
4.1.2
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 4.0.0, < 4.0.7
4.0.7
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 3.11.0, < 3.11.13
3.11.13
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
< 3.9.20
3.9.20
Связанные уязвимости
CVSS3: 4.3
ubuntu
около 2 лет назад
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
CVSS3: 4.3
nvd
около 2 лет назад
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
CVSS3: 4.3
debian
около 2 лет назад
Insufficient filtering of grade report history made it possible for te ...