CVE-2024-48896 Vulnerability Details

  /     /     /  

CVE-2024-48896 Metadata Quick Info

CVE Published: 18/11/2024 | CVE Updated: 18/11/2024 | CVE Year: 2024
Source: redhat | Vendor: | Product:
Status : PUBLISHED

---

CVE-2024-48896 Description

A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users\' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-209
CWE Name: Generation of Error Message Containing Sensitive Information
Source:

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).