Moderate severityOSV Advisory· Published Nov 18, 2024
Moodle: users' names returned in messaging error message
CVE-2024-48896
Description
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | < 4.1.14 | 4.1.14 |
moodle/moodlePackagist | >= 4.2.0, < 4.2.11 | 4.2.11 |
moodle/moodlePackagist | >= 4.3.0, < 4.3.8 | 4.3.8 |
moodle/moodlePackagist | >= 4.4.0, < 4.4.4 | 4.4.4 |
Affected products
3- osv-coords2 versions
< 4.1.19+ 1 more
- (no CPE)range: < 4.1.19
- (no CPE)range: < 4.1.14
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-cq5f-wv7p-5gfcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-48896ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsaissue-trackingx_refsource_REDHATWEB
News mentions
0No linked articles in our index yet.