Description
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.
Remediation
References
Related Vulnerabilities
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.20)
Oracle JRE CVE-2013-2443 Vulnerability (CVE-2013-2443)
Python Other Vulnerability (CVE-2006-1542)
Lighttpd Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1111)
WordPress Plugin MiwoEvents-Manage & Book Events Unspecified Vulnerability (1.2.0)