CVE-2023-28336

CVE-2023-28336: Moodle: teacher can access names of users they do not have permission to access

Weakness CWE-200 · Info exposure

Published March 23, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.

Key dates

02Disclosure timeline

March 23, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-28336 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2024-13638 Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2025-14528 D-Link DIR-803 Configuration getcfg.php information disclosure CVE-2025-62720 LinkAce: Data Exfiltration via Export Functions Allow Access to All Users' Private Links CVE-2020-36850 Sitecore JSS React Sample Application 11.0.0 - 14.0.1 Information Disclosure CVE-2023-29106