CVE-2024-48896

MEDIUM 4.3

Moodle: users' names returned in messaging error message

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.

CWE	CWE-209
Published	Nov 18, 2024

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new medium vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2318822