Description

In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

Remediation

References

CVE-2017-15110

Related Vulnerabilities

Lighttpd Other Vulnerability (CVE-2005-0453)

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.3)

EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38845)

WordPress Plugin Import and export users and customers Cross-Site Scripting (1.12)

WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (1.9)

Severity

Medium

Classification

CVE-2017-15110 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities