CVE-2023-28334 | THREATINT

Description

Authenticated users were able to enumerate other users' names via the learning plans page.

PUBLISHED Reserved 2023-03-14 | Published 2023-03-23 | Updated 2024-08-02 | Assigner fedora

Problem types

Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

4.1.0 (semver) before 4.1.2

affected

4.0.0 (semver) before 4.0.7

affected

Timeline

2023-03-10:	Reported to Red Hat.
2023-03-20:	Made public.

References

bugzilla.redhat.com/show_bug.cgi?id=2179423 (RHBZ#2179423) issue-tracking

moodle.org/mod/forum/discuss.php?d=445066

bugzilla.redhat.com/show_bug.cgi?id=2179423 (RHBZ#2179423) issue-tracking

moodle.org/mod/forum/discuss.php?d=445066

cve.org (CVE-2023-28334)

nvd.nist.gov (CVE-2023-28334)

Download JSON

help @ threatint.eu