Description
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-2070 Vulnerability (CVE-2021-2070)
WordPress Plugin WooCommerce PHP Object Injection (3.2.3)
OpenSSL DEPRECATED: Code Vulnerability (CVE-2015-0290)
WordPress 4.5.x Prototype Pollution (4.5 - 4.5.25)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0825)