Description In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. Remediation References CVE-2017-12157 Related Vulnerabilities Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-0272) WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17670) PHP Resource Management Errors Vulnerability (CVE-2012-0789) Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-3734) SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17297) Severity Medium Classification CVE-2017-12157 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Tags Missing Update Known Vulnerabilities