CVE-2023-28336: 
PHP vulnerability analysis and mitigation

CVE-2023-28336 is a security vulnerability discovered in Moodle, a Course Management System. The vulnerability was disclosed on March 20, 2023, affecting Moodle versions 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19, and earlier unsupported versions. The issue involves insufficient filtering of grade report history that could expose user information to unauthorized teachers (Moodle Forum).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-668 (Exposure of Resource to Wrong Sphere) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability allows teachers to access the names of users they would not otherwise have permission to access through the grade report history feature. This represents a privacy breach within the educational platform's access control system (Moodle Forum).

The vulnerability has been fixed in Moodle versions 4.1.2, 4.0.7, 3.11.13, and 3.9.20. Users are advised to upgrade to these patched versions to mitigate the security risk (Moodle Forum).