PT-2022-20754 · Ilias · Ilias Usertakeover Plugin

Published

2022-06-21

·

Updated

2022-06-28

·

CVE-2022-31478

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions ILIAS UserTakeOver plugin versions prior to 4.0.1
Description The issue allows an attacker to list all users via the search function.
Recommendations For versions prior to 4.0.1, update to version 4.0.1 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2022-31478

Affected Products

Ilias Usertakeover Plugin