GHSA-rjh8-w8jg-xwq5

Source

https://github.com/advisories/GHSA-rjh8-w8jg-xwq5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rjh8-w8jg-xwq5/GHSA-rjh8-w8jg-xwq5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rjh8-w8jg-xwq5

Aliases

CVE-2017-15110

Published

2022-05-17T00:18:11Z

Modified

2024-04-23T23:58:48.104077Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Moodle Exposure of Sensitive Information to an Unauthorized Actor

Details

In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

Database specific

{
    "nvd_published_at": "2017-11-20T14:29:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T23:42:11Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1

Fixed

3.1.9

Affected versions

v3.*

v3.1.0-beta

v3.1.0-rc1

v3.1.0-rc2

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.2

Fixed

3.2.6

Affected versions

v3.*

v3.2.0-beta

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3

Fixed

3.3.3

Affected versions

v3.*

v3.3.0-beta

v3.3.0-rc1

v3.3.0-rc2

v3.3.0-rc3

v3.3.0

v3.3.1

v3.3.2