Vulnerability Bulletins

MSA-23-0009: Users name enumeration possible via IDOR on learning plans page


System information

   
Affected software | PHP

Description

by Michael Hawkins.

Authenticated users were able to enumerate other users' names via the learning plans page.

Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1 and 4.0 to 4.0.6
Versions fixed: 4.1.2 and 4.0.7
Reported by: Paul Holden
CVE identifier: CVE-2023-28334
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77129
Tracker issue: MDL-77129 Users name enumeration possible via IDOR on learning plans page

More info:

https://moodle.org/mod/forum/discuss.php?d=445066&parent=1788899

Standard identifiers

Property | Value
CVE | CVE-2023-28334

Version history

Version | Comment | Date
1.0 | Advisory issued | 2023-04-28
Ministerio de Defensa
CNI
CCN
CCN-CERT