CVE-2024-48896

Moodle: users' names returned in messaging error message

Description

A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.

INFO

Published Date :

2024-11-18T11:13:10.346Z

Last Modified :

2024-11-18T11:13:10.346Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2024-48896 vulnerability.

Vendors	Products
Moodle	Moodle

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-48896.

URL	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2318822

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact