Home

Description

Authenticated users were able to enumerate other users' names via the learning plans page.

PUBLISHED Reserved 2023-03-14 | Published 2023-03-23 | Updated 2024-08-02 | Assigner fedora

Problem types

Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
unaffected

4.1.0 before 4.1.2
affected

4.0.0 before 4.0.7
affected

Timeline

2023-03-10:Reported to Red Hat.
2023-03-20:Made public.

References

bugzilla.redhat.com/show_bug.cgi?id=2179423 (RHBZ#2179423) issue-tracking

moodle.org/mod/forum/discuss.php?d=445066

cve.org (CVE-2023-28334)

nvd.nist.gov (CVE-2023-28334)

Download JSON