BIT-moodle-2021-20281

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2021-20281.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-moodle-2021-20281

Aliases

CVE-2021-20281
GHSA-93wh-35r4-6qmw

Published

2024-03-06T11:10:54.174Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ]
}

References

https://bugzilla.redhat.com/show_bug.cgi?id=1939041
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/
https://moodle.org/mod/forum/discuss.php?d=419652
https://nvd.nist.gov/vuln/detail/CVE-2021-20281

Affected packages

Bitnami / moodle

Package

Name: moodle
Purl: pkg:bitnami/moodle

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

3.5.0

Fixed

3.5.17

Introduced

3.8.0

Fixed

3.8.8

Introduced

3.9.0

Fixed

3.9.5

Introduced

3.10.0

Fixed

3.10.2