CVE-2024-48896

CVE-2024-48896: Moodle: users' names returned in messaging error message

Weakness CWE-209 · Error message info leak
Published November 18, 2024
Last update November 18, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.

Key dates

02Disclosure timeline

November 18, 2024 CVE published