BIT-moodle-2023-28336

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2023-28336.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-moodle-2023-28336
Aliases
Published
2024-03-06T10:59:47.976Z
Modified
2024-04-20T07:49:38.167Z
Summary
[none]
Details

Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.

Database specific
{
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.11.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.9.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.0.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.1:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / moodle

Package

Name
moodle
Purl
pkg:bitnami/moodle

Severity

  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
3.9.0
Fixed
3.9.20
Introduced
3.11.0
Fixed
3.11.13
Introduced
4.0.0
Fixed
4.0.7
Type
SEMVER
Events
Introduced
3.9.0
Last affected
3.9.0
Introduced
3.11.0
Last affected
3.11.0
Introduced
4.0.0
Last affected
4.0.0
Introduced
4.1.0
Last affected
4.1.0
Introduced
4.1.1
Last affected
4.1.1