CVE-2024-48896

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-48896

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-48896.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-48896

Aliases

Related

UBUNTU-CVE-2024-48896

Published

2024-11-18T12:15:18Z

Modified

2024-11-21T07:57:27.196953Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2318822

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

ee91c6536f99e1633e2245780c4fe7f47340ed66

Last affected

d7e3bea9fa95ff686b370969cc1bcc3fca0919bf

Introduced

fe7aff8093240cc373f1ddaa66ecb91c4bc0a09f

Last affected

db959720edaa544188ccad8bf4b2b79db383b876

Affected versions

v4.*

v4.3.0

v4.3.1

v4.3.2

v4.3.3

v4.3.4

v4.3.5

v4.3.6

v4.3.7

v4.3.8

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.4.4