4.3
CVE-2024-48896
- EPSS 0.31%
- Veröffentlicht 18.11.2024 12:15:18
- Zuletzt bearbeitet 20.11.2024 14:47:12
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginMoodle: users' names returned in messaging error message
Users' names returned in messaging error message
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.
Mögliche Gegenmaßnahme
Moodle Server: Update to a patched version.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemMoodle
≫
Produkt
Moodle Server
Version
< 4.1.0
Version
>= 4.4.0, < 4.4.4
Version
>= 4.3.0, < 4.3.8
Version
>= 4.2.0, < 4.2.11
Version
>= 4.1.0, < 4.1.14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.542 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.