Moodle DC-2024-48896 (Medium)

2024-11-20

Platform: Moodle

Version: All versions before 4.1.14, 4.2.11, 4.3.8, 4.4.4 (not exhaustive)

Vulnerability: Information Disclosure

Severity: Medium

Date: November 18, 2024

What Undercode Says:

This vulnerability in Moodle allows users with the “send message” capability to see usernames they wouldn’t normally have access to. This happens through an error message displayed in the messaging functionality. The disclosed username follows the full name format configured on the Moodle site.

Analytics:

This vulnerability is classified as medium severity, indicating a potential privacy risk.
Users with the “send message” capability can exploit this vulnerability to gain unauthorized access to usernames.
The impact of this vulnerability depends on the sensitivity of the usernames and the Moodle site’s configuration.
Upgrading Moodle to a version that addresses this vulnerability (4.1.14, 4.2.11, 4.3.8, or 4.4.4 or later) is recommended to mitigate the risk.
Moodle administrators should be aware of this vulnerability and take steps to address it.
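To act on the upgrade recommendation across several sites, the following added example (not from the advisory or from Moodle) checks release strings against the fixed versions listed above. Assumptions: release strings look like `4.3.7` or `4.1.13+ (Build: 20241001)`, a `+` weekly build is treated as its base release, branches newer than 4.4 are reported as `not-listed` because the advisory gives no fixed version for them, and the host names are constructed.

```python
import re

# Fixed point release per branch, taken from the advisory text above.
FIXED = {(4, 1): 14, (4, 2): 11, (4, 3): 8, (4, 4): 4}

_RELEASE_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Return (major, minor, patch) from a Moodle release string."""
    m = _RELEASE_RE.match(release)
    if not m:
        raise ValueError(f"unrecognised Moodle release string: {release!r}")
    major, minor, patch = m.groups()
    # A missing patch component ("4.4") means the .0 release of that branch.
    return int(major), int(minor), int(patch or 0)


def assess(release):
    """Classify a release as 'affected', 'fixed' or 'not-listed'."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "affected"
    if branch < min(FIXED):
        # Branches older than 4.1 are "before 4.1.14" and have no fix listed.
        return "affected"
    # Assumption: the advisory names no fixed version for newer branches.
    return "not-listed"


def triage(inventory):
    """Map each host to its status, skipping nothing: bad strings are flagged."""
    report = {}
    for host, release in inventory.items():
        try:
            report[host] = assess(release)
        except ValueError:
            report[host] = "unparseable"
    return report


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "lms-a.example": "4.1.13+ (Build: 20241001)",
    "lms-b.example": "4.3.8",
    "lms-c.example": "3.11.18",
    "lms-d.example": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `affected` need the upgrade named above; `not-listed` and `unparseable` entries need a manual check against the Moodle release notes.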


References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
