Moodle Messaging Vulnerability Allows Unauthorized Access to User Names
CVE-2024-48896

4.3MEDIUM

Key Information:

Vendor: Moodle
Status: Moodle
Vendor: CVE Published:; 18 November 2024

Summary

A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2318822

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2024