First published: Mon Nov 20 2017(Updated: )
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | <=3.0.10 | |
Moodle Moodle | >=3.1<=3.1.8 | |
Moodle Moodle | >=3.2<=3.2.5 | |
Moodle Moodle | >=3.3<=3.3.2 | |
composer/moodle/moodle | >=3.3<3.3.3 | 3.3.3 |
composer/moodle/moodle | >=3.2<3.2.6 | 3.2.6 |
composer/moodle/moodle | >=3.1<3.1.9 | 3.1.9 |
<=3.0.10 | ||
>=3.1<=3.1.8 | ||
>=3.2<=3.2.5 | ||
>=3.3<=3.3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.