Description
Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Blocks Security Bypass (3.7.0)
Oracle JRE CVE-2018-2798 Vulnerability (CVE-2018-2798)
WordPress Plugin Gettext override translations Cross-Site Scripting (1.0.1)
Joomla! Core 1.6.x Multiple Cross-Site Scripting Vulnerabilities (1.6.0 - 1.6.3)
TCExam Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2021-20113)