Exposure of Resource to Wrong Sphere
CVE-2023-28336
Summary
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. This vulnerability affects Moodle versions through 3.9.19, 3.10.0-beta through 3.11.12, 4.0.0-beta through 4.0.6, and 4.1.0-beta through 4.1.1.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- LOW
- NONE
CWE-668 - Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Advisory Timeline
- Published