CVE-2024-43429
MEDIUMMoodle < 4.1.12 and 4.4.0-4.4.2 - Unprotected User Data Exposure via Gradebook Reports
Title source: llmDescription
A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information.
References (2)
Core 2
Core References
Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=461197
Permissions Required issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2304257
Scores
CVSS v3
5.3
EPSS
0.0032
EPSS Percentile
23.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-312
Status
published
Products (2)
moodle/moodle
< 4.1.12
moodle/moodle
4.4.0 - 4.4.2Packagist
Published
Nov 11, 2024
Tracked Since
Feb 18, 2026