CVE-2025-62400

MEDIUM4.3EPSS 0.06%

Moodle exposed the names of hidden groups to users

發布日:2025/10/23修改日:2025/11/18

也稱為:GHSA-422v-w6c5-vq42BIT-moodle-2025-62400

描述

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.

受影響套件(2)

Bitnami/moodle>= 4.1.0, < 4.1.21, >= 4.4.0, < 4.4.11, >= 4.5.0, < 4.5.7, >= 5.0.0, < 5.0.3
Packagist/moodle/moodle>= 5.0.0-beta, < 5.0.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-62400
PATCHhttps://github.com/moodle/moodle
WEBhttps://access.redhat.com/security/cve/CVE-2025-62400
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2404433
WEBhttps://github.com/moodle/moodle/commit/0c70d67059658879a71152ea075c74154a627d05
WEBhttps://moodle.org/mod/forum/discuss.php?d=470389