BIT-moodle-2021-20281

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2021-20281.json

Aliases

CVE-2021-20281
GHSA-93wh-35r4-6qmw

Published

2024-03-06T11:10:54.174Z

Modified

2024-03-06T11:25:28.861Z

Details

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1939041
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/
https://moodle.org/mod/forum/discuss.php?d=419652

Affected packages

Bitnami / moodle

Package

Name: moodle

Affected ranges

Type: SEMVER
Events: Introduced

3.5.0

Fixed

3.5.17

Introduced

3.8.0

Fixed

3.8.8

Introduced

3.9.0

Fixed

3.9.5

Introduced

3.10.0

Fixed

3.10.2