Description

In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

Remediation

References

CVE-2017-15110

Related Vulnerabilities

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5112)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1161)

XWiki Improper Privilege Management Vulnerability (CVE-2023-34465)

IBMHttpServer Other Vulnerability (CVE-2004-1082)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0096)

Severity

Medium

Classification

CVE-2017-15110 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities