GHSA-hh52-g5c4-wprh

GitHub Security Advisory

Moodle may allow authenticated users to enumerate other user's names via learning plans page

✓ GitHub Reviewed MODERATE Has CVE

Authenticated users were able to enumerate other users' names via the learning plans page.

Packagist moodle/moodle

Affected versions: 4.1.0 (fixed in 4.1.2)

Packagist moodle/moodle

Affected versions: 4.0.0 (fixed in 4.0.7)

Packagist moodle/moodle

Affected versions: 3.11.0 (fixed in 3.11.13)

Packagist moodle/moodle

Affected versions: 0 (fixed in 3.9.20)

CVE-2023-28334

GHSA ID

GHSA-hh52-g5c4-wprh

Published

March 23, 2023 9:30 PM

Last Modified

April 19, 2024 3:30 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

moodle/moodle

GitHub Reviewed

✓ Yes

Last updated: September 12, 2025 6:34 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.