A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information.

Affected Packages

Packagist moodle/moodle

Affected versions: 4.4.0 (fixed in 4.4.2)

Packagist moodle/moodle

Affected versions: 4.3.0 (fixed in 4.3.6)

Packagist moodle/moodle

Affected versions: 4.2.0 (fixed in 4.2.9)

Packagist moodle/moodle

Affected versions: 0 (fixed in 4.1.12)

Related CVEs

CVE-2024-43429

Key Information

GHSA ID

GHSA-c767-4whh-v7rw

Published

November 11, 2024 3:31 PM

Last Modified

November 12, 2024 9:23 PM

CVSS Score

2.5 /10

Primary Ecosystem

Packagist

Primary Package

moodle/moodle

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.