Описание
Moodle may allow teachers to access the names of users they could not otherwise access
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-28336
- https://github.com/moodle/moodle/commit/a931a7f8cec3657827268837b27962a13817ca2b
- https://bugzilla.redhat.com/show_bug.cgi?id=2179426
- https://git.moodle.org/gw?p=moodle.git;a=commit;h=a931a7f8cec3657827268837b27962a13817ca2b
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://moodle.org/mod/forum/discuss.php?d=445068
Пакеты
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 4.1.0, < 4.1.2
4.1.2
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 4.0.0, < 4.0.7
4.0.7
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 3.11.0, < 3.11.13
3.11.13
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
< 3.9.20
3.9.20
Связанные уязвимости
CVSS3: 4.3
ubuntu
почти 3 года назад
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
CVSS3: 4.3
nvd
почти 3 года назад
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
CVSS3: 4.3
debian
почти 3 года назад
Insufficient filtering of grade report history made it possible for te ...