Description
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.
Remediation
References
Related Vulnerabilities
WordPress Plugin Sunshine Photo Cart Cross-Site Request Forgery (2.8.28)
Django Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-0472)
MySQL CVE-2016-0662 Vulnerability (CVE-2016-0662)
WordPress Plugin Two Way CHAT-Send or receive messages to your user Multiple Vulnerabilities (3.1.4)
Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10321)